Samsung patches Android 0-day exploited in the wild
Briefly

"Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow remote code execution on affected devices. The vulnerability, tracked as CVE-2025-21043, affects Android OS versions 13, 14, 15, and 16."
"The Meta and WhatsApp security teams found the flaw and reported it to Samsung on August 13. Apps that process images on Samsung kit, potentially including WhatsApp, may trigger this library, but Samsung didn't name specific apps. The warning is interesting, because Meta shortly thereafter issued a security advisory warning that attackers may have chained a WhatsApp bug with an Apple OS-level flaw in highly targeted attacks."
An out-of-bounds write in Samsung's image-parsing library libimagecodec.quram.so, tracked as CVE-2025-21043, affected Android 13–16 and could lead to remote code execution when a crafted image was processed. The flaw was exploited in the wild before Samsung shipped the fix in its September security update, and Samsung confirmed that an exploit existed. The Meta and WhatsApp security teams discovered the issue and reported it on August 13. Apps that process images on Samsung devices, potentially including WhatsApp, may invoke the vulnerable library, though Samsung did not name specific apps. Related flaws are WhatsApp CVE-2025-55177 and Apple ImageIO CVE-2025-43300, which were assessed as possibly chained in highly targeted attacks; Apple patched the ImageIO bounds checking on August 20.
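The bug class behind this advisory, an out-of-bounds write in a native image decoder that trusts a length field read from the file, is easy to illustrate generically. The C below is an added example written for this page; it is not Samsung's libimagecodec.quram.so code, not the CVE-2025-21043 code path, and not from The Register. The "chunk" layout (one tag byte, a two-byte big-endian payload length, then the payload), the 16-byte pixel buffer and the sample bytes are all constructed assumptions. It puts the unchecked copy beside the hardened one so the two bounds checks that the fix class requires (length versus bytes actually present, length versus output capacity) are explicit.

```c
/* Added illustration of an out-of-bounds write in an image-chunk decoder.
 * Hypothetical chunk format: [1 byte tag][2 bytes big-endian length][payload].
 * Everything here (format, sizes, sample bytes) is constructed for the
 * example and is NOT the real libimagecodec.quram.so format or bug. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PIXEL_BUF_SIZE 16   /* constructed: the decoder's fixed output buffer */

enum decode_status {
    DECODE_OK = 0,
    DECODE_TRUNCATED = 1,   /* file claims more payload than it carries */
    DECODE_TOO_LARGE = 2,   /* payload would overrun the output buffer */
    DECODE_BAD_HEADER = 3   /* not even a full header present */
};

static size_t read_u16be(const uint8_t *p)
{
    return ((size_t)p[0] << 8) | p[1];
}

/* VULNERABLE (for contrast only; never called by the checks below):
 * the declared length sizes a memcpy into a fixed buffer without being
 * compared to that buffer's capacity or to the bytes actually present.
 * A file declaring a length above PIXEL_BUF_SIZE writes past `pixels`. */
int decode_chunk_unchecked(const uint8_t *in, size_t in_len,
                           uint8_t pixels[PIXEL_BUF_SIZE])
{
    if (in_len < 3) return DECODE_BAD_HEADER;
    size_t declared = read_u16be(in + 1);
    memcpy(pixels, in + 3, declared);   /* no bounds check: OOB write */
    return DECODE_OK;
}

/* HARDENED: same parse, but the declared length must fit both the
 * remaining input and the output buffer before a single byte is copied. */
int decode_chunk_checked(const uint8_t *in, size_t in_len,
                         uint8_t pixels[PIXEL_BUF_SIZE], size_t *out_len)
{
    if (in_len < 3) return DECODE_BAD_HEADER;
    size_t declared = read_u16be(in + 1);
    if (declared > in_len - 3) return DECODE_TRUNCATED;     /* safe: in_len >= 3 */
    if (declared > PIXEL_BUF_SIZE) return DECODE_TOO_LARGE;  /* would overrun pixels */
    memcpy(pixels, in + 3, declared);
    *out_len = declared;
    return DECODE_OK;
}

/* Constructed sample inputs. */
/* Declares 4 payload bytes and carries 4: accepted. */
static const uint8_t GOOD_CHUNK[]  = { 0x01, 0x00, 0x04, 0xAA, 0xBB, 0xCC, 0xDD };
/* Declares 0x0400 (1024) payload bytes but carries only 4: rejected. */
static const uint8_t LYING_CHUNK[] = { 0x01, 0x04, 0x00, 0xAA, 0xBB, 0xCC, 0xDD };

/* Runs the hardened decoder on one chunk with a fresh output buffer. */
int check_sample(const uint8_t *chunk, size_t len, size_t *out_len)
{
    uint8_t pixels[PIXEL_BUF_SIZE];
    memset(pixels, 0, sizeof pixels);
    return decode_chunk_checked(chunk, len, pixels, out_len);
}

/* A chunk whose 32-byte payload is really present in the file but still
 * exceeds the 16-byte output buffer: the second check catches it. */
int check_oversized(void)
{
    uint8_t buf[3 + 32];
    buf[0] = 0x01; buf[1] = 0x00; buf[2] = 0x20;   /* declares 32 bytes */
    memset(buf + 3, 0xEE, 32);
    size_t n = 0;
    return check_sample(buf, sizeof buf, &n);
}
```

The two rejections are deliberately distinct: a truncated declaration would otherwise read past the end of the input, while an in-file but oversized payload would write past the end of the output. A decoder fix of the kind Apple applied to ImageIO bounds checking needs both comparisons, and a fuzzing harness for a native image library should feed it both shapes of malformed header.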
Read at Theregister