In our modern digital landscape, software issues sometimes pop up that require urgent fixes. One such fix is rolling out for Samsung Galaxy phones as we speak, and if you haven’t checked your phone for updates today, you may want to. The bug it fixes is a doozy.
The issue has a very technical name: CVE-2025-21043. Per Samsung’s update page, the bug allowed attackers to conduct an “out-of-bounds write in libimagecodec.quram.so” that “allows remote attackers to execute arbitrary code.”
According to Google Project Zero, libimagecodec.quram.so is a closed-source library that third-party messaging apps use to parse images, and that attackers could use to hijack a person’s smartphone. The patch going out to Samsung devices now fixes an “incorrect implementation” of the library, preventing that from happening.
The exploit, which was discovered in August by WhatsApp’s security team, was reported to Samsung and Apple behind closed doors so as not to spread the news. There are no public examples of hackers using this vulnerability, but Samsung’s report notes that the Korean tech giant was “made aware of an exploit in the wild.” Thus, while any individual WhatsApp user was unlikely to be targeted, the tools to do so existed.
WhatsApp has over three billion users worldwide, so such an exploit could have done some damage, especially if it had been made to target multiple users at once. As PCMag notes, Samsung didn’t mention any other third-party messaging services in its report, so it’s unclear if only WhatsApp was affected or if other services could’ve been exploited with the vulnerability.
Apple was first to the punch to fix the exploit, which it did back in late August. It wasn’t the exact same issue as Samsung was dealing with, but it had a similar end effect in that it could cause phones to be hijacked.
Samsung’s update comes roughly two weeks after Google fixed a pair of similar security flaws, which also had exploits spotted in the wild, as part of Android’s monthly security update for September 2025.