In our trendy digital panorama, software program points generally pop up that require pressing fixes. One such repair is at the moment rolling out for Samsung Galaxy telephones as we converse, and in the event you haven’t checked your telephone for updates as we speak, it’s possible you’ll wish to. The bug it fixes is a doozy.
The problem has a really technical title referred to as CVE-2025-21043. Per Samsung’s replace web page, the bug allowed attackers to conduct an “out-of-bounds write in libimagecodec.quram.so” that “permits distant attackers to execute arbitrary code.”
In line with Google Venture Zero, libimagecodec.quram.so is a closed-source instrument that third-party messaging apps use to parse photographs that attackers may use to hijack an individual’s smartphone. The patch going out to Samsung units now fixes an “incorrect implementation” of the instrument, stopping that from occurring.
Mashable Gentle Velocity
The exploit, which was found in August by WhatsApp’s safety crew, was reported to Samsung and Apple behind closed doorways in order to not unfold the information. There aren’t any public examples of hackers utilizing this vulnerability, however Samsung’s report notes that the Korean tech big was “made conscious of an exploit within the wild.” Thus, whereas any particular person WhatsApp consumer was unlikely to be focused, the instruments to take action existed.
WhatsApp has over three billion customers worldwide, so such an exploit may have carried out some harm, particularly if it have been made to focus on a number of customers directly. As PCMag notes, Samsung didn’t point out another third-party messaging providers in its report, so it is unclear if solely WhatsApp was affected or if different providers may’ve been exploited with the vulnerability.
Apple was first to the punch to repair the exploit, which it did again in late August. It wasn’t the very same problem as Samsung was dealing with, but it surely had the same finish impact in that it may trigger telephones to be hijacked.
Samsung’s replace comes roughly two weeks after Google launched a duo of comparable safety flaws that additionally had exploits noticed within the wild as a part of Android’s month-to-month safety replace for September 2025.
Subjects
Cybersecurity
Samsung
About The Author
