Samsung Patches Zero-Day Exploited Against Android Users

"Samsung's September 2025 security updates for Android devices include a patch for a vulnerability that has been exploited in the wild. The exploited bug, tracked as CVE-2025-21043 (CVSS score of 8.8), is described as an out-of-bounds write issue in the libimagecodec.quram.so image parsing library, which is used by applications that process images on Samsung devices. According to Samsung, successful exploitation of the security defect allows remote attackers to execute arbitrary code on vulnerable devices."
"The company has not shared details on the flaw, nor on the observed exploitation, but credited the Meta and WhatsApp security teams for reporting it on August 13. The timing of the report and the fact that the Samsung zero-day was in a core image library suggests that CVE-2025-21043 might have been exploited in attacks targeting WhatsApp users, just as was CVE-2025-43300, an out-of-bounds write issue in the ImageIO framework component of iOS, iPadOS, and macOS."
Samsung's September 2025 Android updates patch CVE-2025-21043, an out-of-bounds write in the libimagecodec.quram.so image parsing library used by apps that process images. Successful exploitation enables remote attackers to execute arbitrary code on affected devices. Samsung acknowledged that an exploit existed in the wild and credited Meta and WhatsApp security teams for reporting the issue on August 13. The company has not released technical details or specifics about observed exploitation. The vulnerability's presence in a core image library and the report timing raise the possibility of attacks targeting WhatsApp users, echoing recent ImageIO exploits on Apple platforms; observers linked such attacks to spyware vendors and civil-society targeting.
Read at SecurityWeek