Samsung Confirms Zero-Click WhatsApp Image Exploit on Galaxy Phones as September Patch Rolls Out
Active attacks target a system image library, prompting immediate installation of the September security update.
Overview
- Samsung says the flaw is being exploited in the wild on many Galaxy models, with fixes included in its September security update now shipping by region and device.
- Researchers and media reports attribute the issue to a third‑party image‑analysis library embedded at system level, which WhatsApp uses to process incoming pictures.
- The attack is zero‑click, as a crafted image can trigger code execution through WhatsApp’s automatic preview without the user opening the file or the app.
- Devices running Android 13 through 16 are affected across a broad range of Galaxy phones, with Samsung indicating a large share of models from the past five years could be vulnerable.
- Users are urged to check Settings → Software update → Download and install, enable automatic updates, and apply the latest WhatsApp and system patches, which are linked to the ongoing multi‑vendor image‑processing exploit campaign.