CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Mobile & Wireless

Samsung Patches Zero-Day Exploited Against Android Users

Reported by Meta and WhatsApp, the vulnerability leads to remote code execution and was likely exploited by a spyware vendor. The post Samsung Patches Zero-Day Exploited Against Android Users appeared first on SecurityWeek.

Samsung zero-day

Samsung’s September 2025 security updates for Android devices include a patch for a vulnerability that has been exploited in the wild.

The exploited bug, tracked as CVE-2025-21043 (CVSS score of 8.8), is described as an out-of-bounds write issue in the libimagecodec.quram.so image parsing library, which is used by applications that process images on Samsung devices.

According to Samsung, successful exploitation of the security defect allows remote attackers to execute arbitrary code on vulnerable devices.

“Samsung was notified that an exploit for this issue has existed in the wild,” the mobile phone maker notes in its advisory.

The company has not shared details on the flaw, nor on the observed exploitation, but credited the Meta and WhatsApp security teams for reporting it on August 13.

The timing of the report and the fact that the Samsung zero-day was in a core image library suggests that CVE-2025-21043 might have been exploited in attacks targeting WhatsApp users, just as was CVE-2025-43300, an out-of-bounds write issue in the ImageIO framework component of iOS, iPadOS, and macOS.

The Apple bug, WhatsApp said two weeks ago, was likely chained with a WhatsApp vulnerability tracked as CVE-2025-55177 in “a sophisticated attack against specific targeted users”.

The Meta-owned communication platform said at the time it had notified less than 200 users of potential attacks targeting their devices. WhatsApp also notified industry peers, including Apple and Samsung.

WhatsApp’s late August advisory made no mention of CVE-2025-55177 being exploited against Android users, although Amnesty International’s Donncha Ó Cearbhaill said that both iPhone and Android users were impacted. The attacks were attributed to spyware vendors. 

“Early indications are that the WhatsApp attack is impacting both iPhone and Android users, civil society individuals among them. Government spyware continues to pose a threat to journalists and human rights defenders,” Ó Cearbhaill said.

Most likely, a commercial spyware vendor found a way to target the out-of-bounds write holes in OS-level code that WhatsApp interacts with and achieve code execution on both iOS and Android.

SecurityWeek has emailed Samsung for clarification on the vulnerability and will update this article if the company responds.

*Updated with additional information from WhatsApp.

Related: Hackers Exploit Sitecore Zero-Day for Malware Delivery

Related: Two Exploited Vulnerabilities Patched in Android

Related: Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers

Related: Citrix Patches Exploited NetScaler Zero-Day

Latest News

CYBERNEWSMEDIAPublisher