Samsung Patches Zero-Day Exploited Against Android Users

Samsung Patches Zero-Day Exploited Against Android Users

Posted on By CWS

Samsung’s September 2025 safety updates for Android units embody a patch for a vulnerability that has been exploited within the wild.

The exploited bug, tracked as CVE-2025-21043 (CVSS rating of 8.8), is described as an out-of-bounds write difficulty within the libimagecodec.quram.so picture parsing library, which is utilized by purposes that course of pictures on Samsung units.

In keeping with Samsung, profitable exploitation of the safety defect permits distant attackers to execute arbitrary code on weak units.

“Samsung was notified that an exploit for this difficulty has existed within the wild,” the cell phone maker notes in its advisory.

The corporate has not shared particulars on the flaw, nor on the noticed exploitation, however credited the Meta and WhatsApp safety groups for reporting it on August 13.

The timing of the report and the truth that the Samsung zero-day was in a core picture library means that CVE-2025-21043 may need been exploited in assaults concentrating on WhatsApp customers, simply as was CVE-2025-43300, an out-of-bounds write difficulty within the ImageIO framework part of iOS, iPadOS, and macOS.

The Apple bug, WhatsApp mentioned two weeks in the past, was seemingly chained with a WhatsApp vulnerability tracked as CVE-2025-55177 in “a classy assault towards particular focused customers”.

The Meta-owned communication platform mentioned on the time it had notified lower than 200 customers of potential assaults concentrating on their units.Commercial. Scroll to proceed studying.

WhatsApp’s late August advisory made no point out of CVE-2025-55177 being exploited towards Android customers, though Amnesty Worldwide’s Donncha Ó Cearbhaill mentioned that each iPhone and Android customers had been impacted. The assaults had been attributed to spy ware distributors. 

“Early indications are that the WhatsApp assault is impacting each iPhone and Android customers, civil society people amongst them. Authorities spy ware continues to pose a risk to journalists and human rights defenders,” Ó Cearbhaill mentioned.

SecurityWeek has emailed each Samsung and WhatsApp for clarification and can replace this text if the 2 firms reply.

Associated: Hackers Exploit Sitecore Zero-Day for Malware Supply

Associated: Two Exploited Vulnerabilities Patched in Android

Associated: Sangoma Patches Vital Zero-Day Exploited to Hack FreePBX Servers

Associated: Citrix Patches Exploited NetScaler Zero-Day

Security Week News Tags:, , , , ,

Related Posts

In Other News: PQC Adoption, New Android Spyware, FEMA Data Breach In Other News: PQC Adoption, New Android Spyware, FEMA Data Breach Security Week News
Militant Groups Are Experimenting With AI, and the Risks Are Expected to Grow Militant Groups Are Experimenting With AI, and the Risks Are Expected to Grow Security Week News
Vibe Coding Tested: AI Agents Nail SQLi but Fail Miserably on Security Controls Vibe Coding Tested: AI Agents Nail SQLi but Fail Miserably on Security Controls Security Week News
Intel Employee Data Exposed by Vulnerabilities Intel Employee Data Exposed by Vulnerabilities Security Week News
GhostPoster Firefox Extensions Hide Malware in Icons GhostPoster Firefox Extensions Hide Malware in Icons Security Week News
Verisoul Raises .8 Million for Fraud Prevention Verisoul Raises $8.8 Million for Fraud Prevention Security Week News