Samsung has issued an urgent warning to Galaxy smartphone owners about a serious security vulnerability that hackers are actively exploiting. The company has revised its September security update to address this critical flaw, which affects phones running Android 13, 14, 15, and 16.
The vulnerability, labeled CVE-2025-21043, was reported by WhatsApp and has been given a critical severity rating with a high CVSS score of 8.8. Samsung confirmed that “an exploit for this issue has existed in the wild,” meaning attackers are already using it against unsuspecting users.
At the heart of the problem is a flaw in a third-party image processing library called libimagecodec.quram, created by a company named Quramsoft. This closed-source library handles how images are processed on Galaxy devices.
The specific issue is what security experts call an “out-of-bounds write” vulnerability. In simple terms, when a specially crafted malicious image is sent to a vulnerable device, the phone tries to process it, but the library writes data outside the memory it was given. Because the attacker chooses that data, the resulting memory corruption can be steered into running code of the attacker’s choosing, which gives them control over the victim’s phone.
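As an added illustration (not code from Samsung, Quramsoft or this article), here is a hypothetical, deliberately simplified image decoder in C showing the header validation an image codec needs before it copies pixel data; the container layout, the field names and the MAX_PIXELS cap are all constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy image container (not a real format):
 *   byte 0    : bytes per pixel (1..4)
 *   bytes 1-2 : width,  little-endian
 *   bytes 3-4 : height, little-endian
 *   bytes 5.. : pixel payload, expected to be width*height*bpp bytes  */
#define HDR_LEN 5
#define MAX_PIXELS (1u << 20)   /* decoder policy cap; chosen for the example */

typedef struct { uint8_t *pixels; size_t len; } image_t;

/* Returns 0 on success, negative on rejection. A decoder that sized its
 * buffer from the header but copied however many bytes the sender supplied
 * would write past the allocation whenever the payload is longer than the
 * header claims; each check below closes one way for header and payload
 * to disagree. */
int decode_image(const uint8_t *buf, size_t buf_len, image_t *out) {
    if (buf == NULL || out == NULL || buf_len < HDR_LEN) return -1;
    unsigned bpp = buf[0];
    uint32_t w = (uint32_t)buf[1] | ((uint32_t)buf[2] << 8);
    uint32_t h = (uint32_t)buf[3] | ((uint32_t)buf[4] << 8);
    if (bpp < 1 || bpp > 4 || w == 0 || h == 0) return -2;
    uint64_t npix = (uint64_t)w * h;          /* 64-bit: cannot wrap here */
    if (npix > MAX_PIXELS) return -3;         /* hostile dimensions */
    uint64_t need = npix * bpp;
    if (buf_len - HDR_LEN != need) return -4; /* payload/header mismatch */
    uint8_t *px = malloc((size_t)need);
    if (px == NULL) return -5;
    memcpy(px, buf + HDR_LEN, (size_t)need);  /* bounded by the checks above */
    out->pixels = px;
    out->len = (size_t)need;
    return 0;
}

/* Convenience wrapper for callers that only need the verdict. */
int decode_status(const uint8_t *buf, size_t buf_len) {
    image_t img = {0};
    int rc = decode_image(buf, buf_len, &img);
    free(img.pixels);
    return rc;
}
```

A well-formed 2x2 image is accepted, while a header that claims one pixel but ships eight bytes of payload, a header declaring 65535x65535 pixels, or a truncated buffer are all rejected before any copy happens.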
What makes this particularly dangerous is that it’s a “zero-click” attack, meaning users don’t need to tap anything or take any action for their devices to be compromised. The attack happens silently in the background.
“This zero-day shows just how fast attackers are shifting to mobile as their way in,” explained Brian Thornton from mobile security firm Zimperium. “In this case, a closed-source image library created a broad risk across Samsung devices and the apps that depend on it.”
Security expert Nivedita Murthy from Black Duck confirmed the severity: “This recently identified vulnerability can be exploited to gain unauthorized access to a user’s device and its stored data.”
While such sophisticated attacks typically target high-profile individuals like journalists, politicians, and government officials, all Galaxy users should take immediate action. With WhatsApp installed on nearly all Galaxy phones and boasting 3 billion monthly active users worldwide, the potential attack surface is enormous.
Unlike Apple, which can push updates to all iPhones simultaneously, Samsung’s update process is more complex. Updates roll out gradually based on phone model, region, and carrier. This means some users may need to wait for the fix to become available for their specific device.
To protect yourself:
- Check for updates regularly by going to Settings → Software update → Download and install
- Install updates immediately when available
- Reboot your phone after installing updates
- Make sure WhatsApp is also updated to the latest version
In related news, Google has announced a major change to its security update approach. Going forward, monthly security updates will focus only on critical fixes like this one, while less severe patches will be bundled into quarterly updates. This shift could affect how Samsung packages updates for Galaxy devices in the future.
The security issue was disclosed to Samsung on August 13, 2025, and both Samsung and WhatsApp have now released patches to address it. This incident highlights the growing security challenges in the mobile space and underscores the importance of keeping devices updated with the latest security patches.