In our modern digital landscape, software issues sometimes pop up that require urgent fixes. One such fix is currently rolling out for Samsung Galaxy phones as we speak, and if you haven’t checked your phone for updates today, you may want to. The bug it fixes is a doozy.
The issue has a very technical name called CVE-2025-21043. Per Samsung’s update page, the bug allowed attackers to conduct an “out-of-bounds write in libimagecodec.quram.so” that “allows remote attackers to execute arbitrary code.”
According to Google Project Zero, libimagecodec.quram.so is a closed-source tool that third-party messaging apps use to parse images that attackers could use to hijack a person’s smartphone. The patch going out to Samsung devices now fixes an “incorrect implementation” of the tool, preventing that from happening.
Mashable Light Speed
The exploit, which was discovered in August by WhatsApp’s security team, was reported to Samsung and Apple behind closed doors so as not to spread the news. There aren’t any public examples of hackers using this vulnerability, but Samsung’s report notes that the Korean tech giant was “made aware of an exploit in the wild.” Thus, while any individual WhatsApp user was unlikely to be targeted, the tools to do so existed.
WhatsApp has over three billion users worldwide, so such an exploit could have done some damage, especially if it were made to target multiple users at once. As PCMag notes, Samsung didn’t mention any other third-party messaging services in its report, so it’s unclear if only WhatsApp was affected or if other services could’ve been exploited with the vulnerability.
Apple was first to the punch to fix the exploit, which it did back in late August. It wasn’t the exact same issue as Samsung was facing, but it had a similar end effect in that it could cause phones to be hijacked.
Samsung’s update comes approximately two weeks after Google released a duo of similar security flaws that also had exploits observed in the wild as part of Android’s monthly security update for September 2025.
Topics
Cybersecurity
Samsung
