Advisory

Samsung releases October 2024 update, patching multiple flaws including 5 critical

Take action: If you are using a Samsung device, plan to update it as the patched versions become available. The new release isn't too terrible, but it's wise to keep up with patches because the next update may be critical and still require this version to work properly.


Learn More

Samsung's October 2024 security update addresses multiple critical vulnerabilities in its proprietary librtppayload component, which affects Galaxy devices running Android 12, 13, and 14. These flaws pose serious risks as they allow remote attackers to execute arbitrary code with system-level privileges, though they require some level of user interaction to exploit.

The key vulnerabilities addressed are out-of-bounds write issues:

  • CVE-2024-34665 (CVSS score 7.5) - SVE-2024-1490 - Affects h.264 format parsing.
  • CVE-2024-34666 (CVSS score 7.5) - SVE-2024-1492 - Affects h.264 in a specific mode.
  • CVE-2024-34667 (CVSS score 7.5) - SVE-2024-1494 - Affects h.265 format parsing.
  • CVE-2024-34668 (CVSS score 7.5) - SVE-2024-1495 - Affects h.263 format parsing.
  • CVE-2024-34669 (CVSS score 7.5) - SVE-2024-1496 - Affects h.263+ format parsing.

These issues can allow attackers to gain access to memory regions outside of defined boundaries, leading to potential system compromise.

Samsung has released the SMR (Security Maintenance Release) October 2024 update to resolve these issues. The update also includes patches from Qualcomm related to hardware vulnerabilities initially part of Android's September release. This update will be rolled out by device model, region, and carrier, with newer and flagship models receiving patches sooner than older or lower-tier devices.

Even though there are currently no confirmed reports of active exploitation of these vulnerabilities, Samsung urges users to update their devices as soon as the patch becomes available. Additionally, Samsung has indicated that some Samsung Vulnerabilities and Exposures (SVE) details remain undisclosed, suggesting other issues may be addressed within this release.
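Because the rollout is staggered by model, region and carrier, it helps to check which devices have actually received the update. The script below is an added example, not part of Samsung's advisory: it classifies a device from its manufacturer, Android release and security patch level, read over adb. It assumes the SMR October 2024 update is reported as patch level 2024-10-01 or later; the function names and the `REQUIRED_SPL` variable are hypothetical.

```shell
#!/bin/sh
# Assumption (not stated in the advisory): a device carrying SMR Oct-2024
# reports a security patch level of 2024-10-01 or later.
REQUIRED_SPL="2024-10-01"

# classify MANUFACTURER ANDROID_RELEASE SECURITY_PATCH
# Prints: patched | needs-update | out-of-scope | unknown
classify() {
    maker=$1
    release=${2%%.*}          # "13.0" -> "13"
    spl=$3

    # The advisory covers Samsung devices on Android 12, 13 and 14 only.
    case "$maker" in
        [Ss][Aa][Mm][Ss][Uu][Nn][Gg]) ;;
        *) echo "out-of-scope"; return 0 ;;
    esac
    case "$release" in
        12|13|14) ;;
        *) echo "out-of-scope"; return 0 ;;
    esac

    # Refuse to guess when the patch level is missing or malformed.
    case "$spl" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown"; return 0 ;;
    esac

    # YYYY-MM-DD compares correctly as an integer once the dashes are gone.
    have=$(printf '%s' "$spl" | sed 's/-//g')
    need=$(printf '%s' "$REQUIRED_SPL" | sed 's/-//g')
    if [ "$have" -ge "$need" ]; then
        echo "patched"
    else
        echo "needs-update"
    fi
}

# check_device SERIAL: read the three properties from a connected device.
check_device() {
    maker=$(adb -s "$1" shell getprop ro.product.manufacturer | tr -d '\r')
    rel=$(adb -s "$1" shell getprop ro.build.version.release | tr -d '\r')
    spl=$(adb -s "$1" shell getprop ro.build.version.security_patch | tr -d '\r')
    printf '%s\t%s\t%s\t%s\n' "$1" "$rel" "$spl" "$(classify "$maker" "$rel" "$spl")"
}

# Usage: sh check_smr.sh SERIAL [SERIAL ...]  (serials as listed by "adb devices")
for serial in "$@"; do
    check_device "$serial"
done
```

A result of `unknown` means the patch level could not be read and the device should be checked by hand in Settings.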
