Sabrina Ortiz/ZDNET
ZDNET's key takeaways
Samsung issued a patch for a zero-day vulnerability.
Android devices are affected by ongoing attacks in the wild.
Samsung users should accept security updates immediately.
Samsung has issued a patch to resolve a critical vulnerability impacting its Android smartphone users.
All impacted phone models will receive the fix, which patches a vulnerability tracked as CVE-2025-21043. The security flaw, issued a critical base score of 8.8 by Samsung Mobile (a CVE Numbering Authority, or CNA), is described as an "out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code."
The critical vulnerability was privately disclosed by Meta and WhatsApp security teams on August 13, 2025. The South Korean tech giant was also informed that an exploit for this bug exists in the wild.
Samsung's September security advisory states that CVE-2025-21043 impacts Android 13, 14, 15, and 16, the latter being the latest version of the operating system.
While a full list of impacted handset models has not been released, smartphones running unpatched versions of Android will likely be vulnerable to the exploit, which could allow attackers to execute malicious code on a vulnerable handset.
Developed by Quramsoft, libimagecodec.quram.so is an image parsing library used by apps to parse and decode image formats on Samsung devices. This isn't the first time a security issue has impacted image-related software on Samsung handsets, as with CVE-2020-8899, in which an unauthenticated attacker could send a malicious MMS to perform a remote code execution (RCE) attack without user interaction.
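The out-of-bounds-write class described above, as an added example that is not Samsung's or Quramsoft's code: it uses a constructed toy image header (the Quram format and the details of this bug are not public on this page) and shows the checks a decoder needs before it allocates and copies header-declared pixel data, with comments marking the path a header-trusting decoder leaves open.

```c
/* Toy raw-image container, constructed for this example: a 12-byte header
 * (little-endian u32 width, height, channels) followed by width*height*channels
 * bytes of pixel data. It is not the Quram format. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

#define MAX_DIM      16384u   /* largest side the decoder will honour */
#define MAX_CHANNELS 4u
#define HDR_LEN      12u

typedef struct { uint32_t w, h, ch; size_t len; uint8_t *pixels; } image_t;

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Writes a header for tests and demos; returns the header length. */
size_t write_header(uint8_t *dst, uint32_t w, uint32_t h, uint32_t ch) {
    uint32_t v[3] = { w, h, ch };
    for (int i = 0; i < 3; i++)
        for (int b = 0; b < 4; b++) dst[i * 4 + b] = (uint8_t)(v[i] >> (8 * b));
    return HDR_LEN;
}

/* Returns 0 and fills *out on success, -1 if the input is rejected.
 * A decoder that trusts the header would allocate w*h*ch (which can wrap to a
 * small value in 32-bit arithmetic) and then write the whole pixel stream into
 * it, running past the end of the allocation: the out-of-bounds write class
 * behind CVE-2025-21043. Each check below closes one such path. */
int decode_image(const uint8_t *buf, size_t buf_len, image_t *out) {
    if (buf == NULL || out == NULL || buf_len < HDR_LEN) return -1;   /* short file */
    uint32_t w = rd_le32(buf), h = rd_le32(buf + 4), ch = rd_le32(buf + 8);
    /* 1. Clamp every dimension before doing arithmetic with it. */
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return -1;
    if (ch == 0 || ch > MAX_CHANNELS) return -1;
    /* 2. Size the buffer in 64-bit so the product cannot wrap. */
    uint64_t need = (uint64_t)w * h * ch;
    /* 3. The declared pixel size must equal what the file actually carries. */
    if (need != (uint64_t)(buf_len - HDR_LEN)) return -1;
    out->pixels = malloc((size_t)need);
    if (out->pixels == NULL) return -1;
    memcpy(out->pixels, buf + HDR_LEN, (size_t)need);   /* bounded by checks 1-3 */
    out->w = w; out->h = h; out->ch = ch; out->len = (size_t)need;
    return 0;
}
```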
Samsung's urgent release, following WhatsApp's private disclosure of the active exploit, comes after Apple's mitigation of a similar vulnerability, tracked as CVE-2025-43300, which is described as a memory corruption issue that occurs when malicious image files are processed.
In a security advisory in August, WhatsApp noted active attacks and said that it resolved a separate flaw impacting the messaging service that "could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target's device."
When chained with Apple's CVE-2025-43300, WhatsApp says, "this vulnerability may have been exploited in a sophisticated attack against specific targeted users."
It's unclear if Samsung's CVE-2025-21043 could be chained in the same way, but if you own a Samsung handset, you should install this latest security patch as soon as you receive the update notification. We always recommend keeping your handset up to date, and this is especially important when fixes for critical security issues are released.