Samsung Patches Zero-Day Exploited Against Android Users

Samsung Patches Zero-Day Exploited Against Android Users

Posted on By CWS

Samsung’s September 2025 safety updates for Android units embody a patch for a vulnerability that has been exploited within the wild.

The exploited bug, tracked as CVE-2025-21043 (CVSS rating of 8.8), is described as an out-of-bounds write difficulty within the libimagecodec.quram.so picture parsing library, which is utilized by purposes that course of pictures on Samsung units.

In keeping with Samsung, profitable exploitation of the safety defect permits distant attackers to execute arbitrary code on weak units.

“Samsung was notified that an exploit for this difficulty has existed within the wild,” the cell phone maker notes in its advisory.

The corporate has not shared particulars on the flaw, nor on the noticed exploitation, however credited the Meta and WhatsApp safety groups for reporting it on August 13.

The timing of the report and the truth that the Samsung zero-day was in a core picture library means that CVE-2025-21043 may need been exploited in assaults concentrating on WhatsApp customers, simply as was CVE-2025-43300, an out-of-bounds write difficulty within the ImageIO framework part of iOS, iPadOS, and macOS.

The Apple bug, WhatsApp mentioned two weeks in the past, was seemingly chained with a WhatsApp vulnerability tracked as CVE-2025-55177 in “a classy assault towards particular focused customers”.

The Meta-owned communication platform mentioned on the time it had notified lower than 200 customers of potential assaults concentrating on their units.Commercial. Scroll to proceed studying.

WhatsApp’s late August advisory made no point out of CVE-2025-55177 being exploited towards Android customers, though Amnesty Worldwide’s Donncha Ó Cearbhaill mentioned that each iPhone and Android customers had been impacted. The assaults had been attributed to spy ware distributors. 

“Early indications are that the WhatsApp assault is impacting each iPhone and Android customers, civil society people amongst them. Authorities spy ware continues to pose a risk to journalists and human rights defenders,” Ó Cearbhaill mentioned.

SecurityWeek has emailed each Samsung and WhatsApp for clarification and can replace this text if the 2 firms reply.

Associated: Hackers Exploit Sitecore Zero-Day for Malware Supply

Associated: Two Exploited Vulnerabilities Patched in Android

Associated: Sangoma Patches Vital Zero-Day Exploited to Hack FreePBX Servers

Associated: Citrix Patches Exploited NetScaler Zero-Day

Security Week News Tags:, , , , ,

Related Posts

Apple Rolls Out iOS 26, macOS Tahoe 26 With Patches for Over 50 Vulnerabilities Apple Rolls Out iOS 26, macOS Tahoe 26 With Patches for Over 50 Vulnerabilities Security Week News
Louis Vuitton Data Breach Hits Customers in Several Countries Louis Vuitton Data Breach Hits Customers in Several Countries Security Week News
No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking Security Week News
North Korea’s Digital Surge: B Stolen in Crypto as Amazon Blocks 1,800 Fake IT Workers North Korea’s Digital Surge: $2B Stolen in Crypto as Amazon Blocks 1,800 Fake IT Workers Security Week News
Japan, Britain to Boost Cybersecurity and Critical Minerals Cooperation as China’s Influence Grows Japan, Britain to Boost Cybersecurity and Critical Minerals Cooperation as China’s Influence Grows Security Week News
Ransomware Shuts Clinics as Cyber Threats Surge Ransomware Shuts Clinics as Cyber Threats Surge Security Week News