You should update your Samsung phone ASAP - this zero-day flaw just got patched
Briefly

"Samsung recently issued a patch to resolve a critical vulnerability impacting its Android smartphone users. All impacted phone models will receive the fix, which patches a vulnerability tracked as . The security flaw, issued a critical base score of 8.8 by Samsung Mobile (a CNA), is described as an "out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.""
"The critical vulnerability was privately disclosed by Meta and WhatsApp security teams on August 13, 2025. The South Korean tech giant was also informed that an exploit for this bug exists in the wild. Samsung's September states that CVE-2025-21043 impacts Android 13, 14, 15, and 16, the latter being the latest version of the operating system. While a full list of impacted handset models has not been released,"
"Developed by Quramsoft, libimagecodec.quram.so is an image parsing library used by apps to parse and decode image formats on Samsung devices. This isn't the first time a security issue has impacted image-related software on Samsung handsets, as with , in which an unauthenticated attacker could send a malicious MMS to perform a remote code execution (RCE) attack without user interaction."
Samsung issued a patch to resolve a critical vulnerability tracked as CVE-2025-21043 that affects Android 13 through 16. The flaw is an out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 that can allow remote attackers to execute arbitrary code. The vulnerability received a critical base score of 8.8 from Samsung Mobile. Meta and WhatsApp security teams privately disclosed the issue on August 13, 2025, and reported an exploit active in the wild. All impacted phone models will receive the fix. Developed by Quramsoft, libimagecodec.quram.so parses and decodes image formats on Samsung devices. Unpatched devices are at risk of remote code execution.
Read at ZDNET