
"Samsung has issued a patch to resolve a critical vulnerability impacting its Android smartphone users. All impacted phone models will receive the fix, which patches a vulnerability tracked as . The security flaw, issued a critical base score of 8.8 by Samsung Mobile (a CNA), is described as an 'out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.'"
"The critical vulnerability was privately disclosed by Meta and WhatsApp security teams on August 13, 2025. The South Korean tech giant was also informed that an exploit for this bug exists in the wild. Samsung's September states that CVE-2025-21043 impacts Android 13, 14, 15, and 16, the latter being the latest version of the operating system. While a full list of impacted handset models has not been released."
"Developed by Quramsoft, libimagecodec.quram.so is an image parsing library used by apps to parse and decode image formats on Samsung devices. This isn't the first time a security issue has impacted image-related software on Samsung handsets, as with , in which an unauthenticated attacker could send a malicious MMS to perform a remote code execution (RCE) attack without user interaction."
Samsung released a security update that fixes a critical out-of-bounds write in libimagecodec.quram.so, tracked as CVE-2025-21043, with a base score of 8.8. The flaw allows remote attackers to execute arbitrary code on vulnerable devices running releases prior to SMR Sep-2025 Release 1. Meta and WhatsApp privately disclosed the vulnerability on August 13, 2025, and reported an exploit in the wild. The issue affects devices running Android 13, 14, 15, and 16. A full list of impacted handset models has not been published, but unpatched phones running affected Android versions remain at risk. Users should apply the update immediately.
Read at ZDNET