Update your Samsung phone ASAP to patch this zero-day flaw exploited in the wild

Samsung Galaxy Z Flip 7

Sabrina Ortiz/ZDNET


ZDNET’s key takeaways

  • Samsung issued a patch for a zero-day vulnerability.
  • Android devices are impacted by ongoing attacks in the wild.
  • Samsung users should accept security updates promptly.

Samsung has issued a patch to resolve a critical vulnerability impacting its Android smartphone users.

All impacted phone models will receive the fix, which covers a vulnerability tracked as CVE-2025-21043. The security flaw, issued a critical base score of 8.8 by Samsung Mobile (a CNA), is described as an “out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.”

The critical vulnerability was privately disclosed by Meta and WhatsApp security teams on August 13, 2025. The South Korean tech giant was also informed that an exploit for this bug exists in the wild.

Samsung’s September security advisory states that CVE-2025-21043 impacts Android 13, 14, 15, and 16, the last being the latest version of the operating system.

While a full list of impacted phone models has not been published, phones running unpatched versions of Android will likely be vulnerable to the exploit, which could allow attackers to execute malicious code on a vulnerable handset.
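A fleet check built from the two facts above (the advisory lists Android 13 to 16, and the fix ships in SMR Sep-2025 Release 1), as an added example that is not from ZDNET or Samsung. It assumes that release is reported as security patch level `2025-09-01`; the function names and the sample device dumps are constructed for illustration.

```python
import re
from datetime import date

# Assumption: SMR Sep-2025 Release 1 is reported as patch level 2025-09-01.
FIXED_LEVEL = date(2025, 9, 1)
LISTED_ANDROID = {13, 14, 15, 16}  # versions the advisory lists as affected
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")

def parse_getprop(text):
    """Parse `adb shell getprop` output: one `[key]: [value]` per line."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def assess(text):
    """Classify one device dump for CVE-2025-21043 patch status."""
    p = parse_getprop(text)
    if p.get("ro.product.manufacturer", "").lower() != "samsung":
        return "not-samsung"
    try:
        major = int(p["ro.build.version.release"].split(".")[0])
        level = date.fromisoformat(p["ro.build.version.security_patch"])
    except (KeyError, ValueError):
        return "unknown"  # missing or malformed property: check by hand
    if major not in LISTED_ANDROID:
        return "not-listed"  # advisory does not name this Android version
    return "patched" if level >= FIXED_LEVEL else "needs-update"

def dump(maker, release, patch):  # constructed getprop excerpt, not a real device
    return (f"[ro.product.manufacturer]: [{maker}]\n"
            f"[ro.build.version.release]: [{release}]\n"
            f"[ro.build.version.security_patch]: [{patch}]\n")

SAMPLES = {  # constructed sample fleet
    "phone-a": dump("samsung", "15", "2025-08-01"),
    "phone-b": dump("samsung", "16", "2025-09-01"),
    "phone-c": dump("samsung", "14", ""),
    "phone-d": dump("Google", "15", "2025-08-05"),
    "phone-e": dump("samsung", "12", "2023-03-01"),
}

def audit(samples=SAMPLES):
    return {name: assess(text) for name, text in samples.items()}

if __name__ == "__main__":
    print(audit())
```

Devices reported as `unknown` or `not-listed` still need a manual look, since a missing patch level or an Android version outside the advisory's list says nothing about whether the library on that device is fixed.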

Developed by Quramsoft, libimagecodec.quram.so is an image parsing library used by apps to parse and decode image formats on Samsung devices. This isn’t the first time a security issue has affected image-related software on Samsung handsets, as with CVE-2020-8899, in which an unauthenticated attacker could send a malicious MMS to perform a remote code execution (RCE) attack without user interaction.

Samsung’s urgent release, following WhatsApp’s private disclosure of the active exploit, builds on Apple’s mitigation of a similar vulnerability, tracked as CVE-2025-43300, which is described as a memory corruption issue that occurs when malicious image files are processed.

In a security advisory in August, WhatsApp noted active attacks and said that it fixed a separate issue affecting the messaging service that “could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.”

When chained with Apple’s CVE-2025-43300, WhatsApp says, “this vulnerability may have been exploited in a sophisticated attack against specific targeted users.”

It’s unclear whether Samsung’s CVE-2025-21043 could be chained in the same way, but if you own a Samsung phone, as soon as you receive a notification to update to this latest security patch, you should do so. We always recommend you keep your handset up to date, and this is especially important when fixes for critical security issues are released.