Samsung releases the August 2024 update for Galaxy devices, fixes critical issues
Take action: If you are using a Samsung Galaxy series device, update. The new release has a bunch of fixes, and some of the fixed flaws will be exploited. It takes about an hour, so click update and take a walk, or read a book while waiting.
Samsung has started the August 2024 update rollout for all eligible Galaxy devices, including both phones and tablets worldwide. This latest firmware update includes critical security patches designed to address zero-day vulnerabilities that could potentially allow hackers to seize control of devices and steal sensitive information.
Android phone users are strongly advised to update their devices with the latest software as soon as they receive a notification. Alternatively, users can manually check for updates by navigating to Settings >> System/About Phone >> Software Update and tapping the download button to install the latest version.
Samsung Mobile’s monthly Security Maintenance Release (SMR) includes patches from both Google and Samsung. The August 2024 package addresses multiple vulnerabilities:
Google Patches
- Critical: CVE-2024-21461
- High: CVE-2024-4610, CVE-2024-0153, CVE-2024-21460, CVE-2024-21465, CVE-2024-21469, CVE-2024-21462, CVE-2024-34724, CVE-2024-34725, CVE-2024-34726, CVE-2024-23373, CVE-2024-23372, CVE-2024-23368, CVE-2024-23380, CVE-2024-26923, CVE-2024-31334, CVE-2024-31335, CVE-2024-20077, CVE-2023-20971, CVE-2023-21351, CVE-2024-34731, CVE-2024-34735, CVE-2024-34737, CVE-2024-34738, CVE-2024-34739, CVE-2024-34740, CVE-2024-34741, CVE-2024-34743, CVE-2024-34736, CVE-2024-34742, CVE-2024-34727, CVE-2024-34745, CVE-2024-34746, CVE-2024-36971, CVE-2024-32896
- Already included in previous updates: CVE-2024-20076
- Not applicable to Samsung devices: CVE-2024-34734, CVE-2024-34744
Samsung Semiconductor Patches
- High: CVE-2024-3196
Samsung Vulnerabilities and Exposures (SVE)
- Critical:
  - CVE-2024-34619: Improper input validation in librtp.so, allowing remote attackers to execute arbitrary code with system privilege (Android 12, 13, 14)
- High:
  - CVE-2024-34612: Out-of-bound write in libcodec2secmp4vdec.so, allowing local attackers to execute arbitrary code (Android 12, 13, 14)
  - CVE-2024-34614: Out-of-bound write in libsmat.so, allowing local attackers to execute arbitrary code (Android 12, 13, 14)
  - CVE-2024-34620: Improper privilege management in SumeNNService, allowing local attackers to start privileged service (Android 13, 14)
- Moderate:
  - CVE-2024-34609, CVE-2024-34608, CVE-2024-34607, CVE-2024-34606, CVE-2024-34605, CVE-2024-34604: Improper access control in several system services (Android 12, 13, 14)
  - CVE-2024-34610: Improper access control in ExtControlDeviceService, allowing local attackers to access protected data (Android 12, 13, 14)
  - CVE-2024-34611: Improper access control in KnoxService, allowing local attackers to get sensitive information (Android 12, 13, 14)
  - CVE-2024-34613: Improper access control in Galaxy Watch, allowing local attackers to access sensitive information (Wear OS 4.0)
  - CVE-2024-34615: Out-of-bound write in libsmat.so, causing memory corruption (Android 12, 13, 14)
  - CVE-2024-34616: Improper handling of insufficient permission in KnoxDualDARPolicy, allowing local attackers to access sensitive data (Android 12, 13, 14)
  - CVE-2024-34617: Improper handling of insufficient permission in Telephony, allowing local attackers to configure default Message application (Android 14)
  - CVE-2024-34618: Improper access control in System property, allowing local attackers to access cell-related information (Android 12, 13, 14)