Particle.news
Download on the App Store
10 ARTICLES
·
yesterday

Samsung Pushes Emergency Galaxy Update After Active Zero‑Day Exploit Confirmed

Security teams traced the flaw to a third‑party image library that enables remote code execution through malicious image files.

blank
Image
Image
A person looking at a phone with a digital warning sign over it

Overview

  • Samsung confirmed in‑the‑wild exploitation of CVE-2025-21043 and folded the fix into its September 2025 Security Maintenance Release after a report from Meta/WhatsApp.
  • The bug is an out‑of‑bounds write in libimagecodec.quram.so, a closed‑source Quramsoft component, enabling zero‑click compromise when images are processed.
  • Devices running Android 13 through Android 16 are affected, with protection arriving via a phased rollout that depends on model, region and carrier.
  • WhatsApp has shipped mitigations, and researchers at Black Duck and Zimperium urge users to install the latest system update as soon as it becomes available.
  • It is not yet confirmed whether exploitation is limited to WhatsApp, and security guidance notes that other apps using the same library could present risk.