Particle.news

Samsung Issues Emergency Galaxy Update After Active Exploits Hit Image Codec

The patch targets a WhatsApp‑reported zero‑day in a third‑party image codec.

Overview

  • Samsung revised its September 2025 security update to fix CVE-2025-21043 on Galaxy devices running Android 13 through 16.
  • The company confirmed an exploit was already in the wild, tied to an out-of-bounds write in libimagecodec.quram that can enable remote code execution via crafted images.
  • WhatsApp and Samsung have released patches, but Galaxy updates are being distributed in phases by model, region, and carrier.
  • Samsung has not said whether only WhatsApp was targeted, and because the closed-source library is used beyond one app, other messaging pathways may also be exposed.
  • Users are urged to install the update and reboot when it arrives. Separately, Google’s new plan to reserve monthly releases for critical fixes may shape future patch timing.