Samsung patches a zero-day under active attack — update your Galaxy now
Samsung’s September security release includes a fix for a vulnerability that was being exploited in the wild, and it’s serious enough to warrant immediate updating across supported Galaxy devices. The bug, tracked as CVE-2025-21043 with a CVSS score of 8.8, is an out-of-bounds write in libimagecodec.quram.so, an image-parsing library used by apps that handle pictures on Samsung phones. Successful exploitation can lead to remote code execution.
Meta and WhatsApp’s security teams reported the issue to Samsung on August 13. While Samsung hasn’t shared full technical details, the timing and the library involved suggest threat actors may have targeted users via malicious images delivered in messaging contexts—similar to a recent iOS ImageIO case tied to spyware activity.
To protect yourself, install the September update as soon as it hits your device: Settings → Software update → Download and install. If your carrier or region hasn’t rolled it out yet, keep Google Play Protect on, avoid sideloading APKs, and be extra careful with links and unexpected attachments until you see your phone’s security patch level update.
The patch arrives alongside Samsung’s usual bundle of Android and Samsung-specific fixes. Even if you’re not directly targeted by the zero-day, rolling updates promptly reduces your exposure window and brings cumulative hardening across system components.
If you regularly use image-heavy apps, it’s worth tightening media settings while you wait for the patch. Limiting automatic media downloads can reduce passive exposure to drive-by payloads that abuse parsing bugs. Once updated, you can restore your normal settings with significantly lower risk.
Bottom line: this is an actively exploited flaw with remote code execution implications. Update first, then carry on. Samsung says exploitation was observed in the wild, and the credit to Meta/WhatsApp underscores that high-value communications targets were in scope. Don’t sit on this one.