
ZDNET’s key takeaways
- Samsung issued a patch for a zero-day vulnerability.
- Android devices are affected by ongoing attacks in the wild.
- Samsung users should accept security updates immediately.
Samsung has issued a patch to resolve a critical vulnerability impacting its Android smartphone users.
All impacted phone models will receive the fix, which patches a vulnerability tracked as CVE-2025-21043. The security flaw, issued a critical base score of 8.8 by Samsung Mobile (a CNA), is described as an “out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.”
The critical vulnerability was privately disclosed by Meta and WhatsApp security teams on August 13, 2025. The South Korean tech giant was also informed that an exploit for this bug exists in the wild.
Samsung’s September security advisory states that CVE-2025-21043 impacts Android 13, 14, 15, and 16, the latter being the latest version of the operating system.
While a full list of impacted handset models has not been released, smartphones running unpatched versions of Android will likely be vulnerable to the exploit, which could allow attackers to execute malicious code on a vulnerable handset.
Developed by Quramsoft, libimagecodec.quram.so is an image parsing library used by apps to parse and decode image formats on Samsung devices. This isn’t the first time a security issue has impacted image-related software on Samsung handsets, as with CVE-2020-8899, in which an unauthenticated attacker could send a malicious MMS to perform a remote code execution (RCE) attack without user interaction.
Samsung’s urgent release, following WhatsApp’s own disclosure of the active exploit, builds upon Apple’s mitigation of a similar vulnerability, tracked as CVE-2025-43300, which is described as a memory corruption issue that occurs when malicious image files are processed.
In a security advisory in August, WhatsApp noted active attacks and said that it resolved a separate flaw impacting the messaging service that “could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.”
When chained with Apple’s CVE-2025-43300, WhatsApp says, “this vulnerability could have been exploited in a sophisticated attack against specific targeted users.”
It’s unclear if Samsung’s CVE-2025-21043 could be chained in the same way, but if you own a Samsung handset, as soon as you receive a notification to update to this latest security patch, you should do so. We always recommend you keep your handset up-to-date, and this is especially important when fixes for critical security issues are released.





