Samsung Patches Critical Zero-Day Vulnerability Exploited in Android Attacks
Samsung has released its monthly security updates for Android, addressing a critical zero-day vulnerability, CVE-2025-21043, that was actively being exploited in the wild. The flaw affects numerous Galaxy smartphones and devices, including the Samsung Galaxy S25 and Galaxy S25 Edge, running Android 13 or newer.
Details of the Vulnerability
The vulnerability, assigned a CVSS score of 8.8, is an out-of-bounds write issue in the libimagecodec.quram.so library. This flaw could allow remote attackers to execute arbitrary code on affected devices. "Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code," Samsung stated in its security advisory.
According to a 2020 report from Google Project Zero, libimagecodec.quram.so is a closed-source image parsing library developed by Quramsoft, responsible for handling various image formats. Samsung confirmed that the vulnerability impacts Android versions 13, 14, 15, and 16.
Exploitation and Impact
While Samsung hasn't released specific details on how the vulnerability was being exploited or who was behind the attacks, they acknowledged that "an exploit for this issue has existed in the wild." WhatsApp reported the vulnerability to Samsung, suggesting a potential link to the messaging platform. With WhatsApp's vast user base, the potential pool of victims exposed to these kinds of attacks is substantial.
The vulnerability is related to a flaw in a third-party image-parsing library, potentially allowing attackers to execute malicious code. These types of zero-click attacks, where hackers control a device remotely through data verification loopholes, are rare but often leveraged by nation-states in espionage campaigns. Targets frequently include politicians, diplomats, journalists, and other high-profile individuals.
Mitigation and User Recommendations
Samsung urges all users to update their devices immediately. This patch is crucial for safeguarding Galaxy smartphones against potential exploits. If your device is on Samsung’s monthly update schedule, the patch will reach you eventually, install it right away, and reboot your device.
- Install Updates Immediately: Ensure your Samsung device receives and installs the latest security patch.
- Run Antivirus Apps: Consider using a reputable Android antivirus app for added protection.
- Stay Informed: Follow tech news and security advisories to stay aware of potential threats.
While Samsung's update rollout can be gradual, unlike the instant updates pushed to Pixels and iPhones, it is imperative for users to prioritize security updates and patches as soon as they become available. Staying proactive in this manner helps to minimize risks associated with these types of vulnerabilities.
