In our modern digital landscape, software issues often pop up that require urgent fixes. One such fix is rolling out for Samsung Galaxy phones as we speak, and if you haven’t checked your phone for updates today, you may want to. The bug it fixes is a doozy.
The issue has a very technical name: CVE-2025-21043. Per Samsung’s update page, the bug allowed attackers to conduct an “out-of-bounds write in libimagecodec.quram.so” that “allows remote attackers to execute arbitrary code.”
According to Google Project Zero, libimagecodec.quram.so is a closed-source library that third-party messaging apps use to parse images, which attackers could use to hijack a person’s smartphone. The patch going out to Samsung devices now fixes an “incorrect implementation” in the library, preventing that from happening.
The exploit, which was discovered in August by WhatsApp’s security team, was reported to Samsung and Apple behind closed doors so as not to spread the news. There are no public examples of hackers using this vulnerability, but Samsung’s report notes that the Korean tech giant was “made aware of an exploit in the wild.” Thus, while any individual WhatsApp user was unlikely to be targeted, the tools to do so existed.
WhatsApp has over three billion users worldwide, so such an exploit could have done some damage, especially if it were made to target multiple users at once. As PCMag notes, Samsung didn’t mention any other third-party messaging services in its report, so it’s unclear if only WhatsApp was affected or if other services could’ve been exploited with the vulnerability.
Apple was first to the punch to fix the exploit, which it did back in late August. It wasn’t the exact same issue that Samsung was dealing with, but it had a similar end effect in that it could cause phones to be hijacked.
Samsung’s update comes roughly two weeks after Google released fixes for a pair of similar security flaws, which also had exploits seen in the wild, as part of Android’s monthly security update for September 2025.