PSA: Your Samsung Galaxy phone has a security update you should install right now
In our modern digital landscape, software issues sometimes pop up that require urgent fixes. One such fix is currently rolling out for Samsung Galaxy phones as we speak, and if you haven’t checked your phone for updates today, you may want to. The bug it fixes is a doozy.
The issue has a very technical name called CVE-2025-21043. Per Samsung’s update page, the bug allowed attackers to conduct an “out-of-bounds write in libimagecodec.quram.so” that “allows remote attackers to execute arbitrary code.”
According to Google Project Zero, libimagecodec.quram.so is a closed-source tool that third-party messaging apps use to parse images that attackers could use to hijack a person’s smartphone. The patch going out to Samsung devices now fixes an “incorrect implementation” of the tool, preventing that from happening.
You May Also Like
Apple AirPods Pro 3 Noise Cancelling Heart Rate Wireless Earbuds — $219.99 (List Price $249.00)
Apple iPad 11" 128GB Wi-Fi Retina Tablet (Blue, 2025 Release) — $274.00 (List Price $349.00)
Amazon Fire HD 10 32GB Tablet (2023 Release, Black) — $69.99 (List Price $139.99)
Sony WH-1000XM5 Wireless Noise Canceling Headphones — $248.00 (List Price $399.99)
Blink Outdoor 4 1080p Security Camera (5-Pack) — $159.99 (List Price $399.99)
Fire TV Stick 4K Streaming Device With Remote (2023 Model) — $24.99 (List Price $49.99)
Shark AV2511AE AI Robot Vacuum With XL Self-Empty Base — $249.99 (List Price $599.00)
Apple Watch Series 11 (GPS, 42mm, S/M Black Sport Band) — $339.00 (List Price $399.00)
WD 6TB My Passport USB 3.0 Portable External Hard Drive — $138.65 (List Price $179.99)
Dell 14 Premium Intel Ultra 7 512GB SSD 16GB RAM 2K Laptop — $999.99 (List Price $1549.99)
The exploit, which was discovered in August by WhatsApp’s security team, was reported to Samsung and Apple behind closed doors so as not to spread the news. There aren’t any public examples of hackers using this vulnerability, but Samsung’s report notes that the Korean tech giant was “made aware of an exploit in the wild.” Thus, while any individual WhatsApp user was unlikely to be targeted, the tools to do so existed.
WhatsApp has over three billion users worldwide, so such an exploit could have done some damage, especially if it were made to target multiple users at once. As PCMag notes, Samsung didn’t mention any other third-party messaging services in its report, so it's unclear if only WhatsApp was affected or if other services could’ve been exploited with the vulnerability.
Apple was first to the punch to fix the exploit, which it did back in late August. It wasn’t the exact same issue as Samsung was facing, but it had a similar end effect in that it could cause phones to be hijacked.
Samsung’s update comes approximately two weeks after Google released a duo of similar security flaws that also had exploits observed in the wild as part of Android’s monthly security update for September 2025.
Topics Cybersecurity Samsung
