Samsung’s warning that Galaxy phones are under attack has taken a new twist. The Galaxy-maker issued an emergency update last month for all eligible phones, telling users it “was notified that an exploit for this issue has existed in the wild.”
Now the U.S. government has issued a new warning for federal staff to update or stop using Galaxy phones by Oct. 23. There was a huge three-week gap between Samsung’s and CISA’s warnings. But this clearly highlights the seriousness of the vulnerability.
CVE-2025-21043 affects WhatsApp running on Galaxy phones, in much the same way as CVE-2025-55177 does for iPhones. Given WhatsApp’s user base of more than 3 billion, it’s safe to assume almost all Galaxy phones have Meta’s messenger installed.
CISA warns that “Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code,” telling government staff to install the update “or discontinue use of the product.”
CISA’s mandate applies to federal agency staff but it operates “for the benefit of the cybersecurity community and network defenders — and to help every organization better manage vulnerabilities and keep pace with threat activity.”
This specific Samsung vulnerability affects an image-parsing library on phones, enabling attackers to run malicious code remotely. It’s the latest in a run of media related vulnerabilities targeting both Android and iPhone devices.
According to Zimperium’s Brian Thornton, this zero-day “shows just how fast attackers are shifting to mobile as their way in. In this case, a closed-source image library created a broad risk across Samsung devices and the apps that depend on it.”
While CVE-2025-21043 was patched in Samsung’s September monthly release, the Galaxy maker has just issued its October update. Updating to the latest available OS update will apply all fixes and ensure your phone is completely up-to-date.
There are no critical fixes in October and no further attack warnings, but there are several high-severity flaws, both for Android in general and Samsung in particular, and so all Galaxy owners are urged to install this new update as soon as it’s available, even if they have already applied September’s critical fix.
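For anyone responsible for a fleet of Galaxy devices working to CISA’s deadline, the practical question is whether a given handset already carries the September 2025 patch level. The script below is an added example, not from the article, Samsung or CISA: it assumes that the Android security patch level, read on a real device with `adb shell getprop ro.build.version.security_patch`, is the value to compare, and that `2025-09-01` is the floor that includes the CVE-2025-21043 fix. The patch level is passed in as an argument and the device inventory is constructed, so the check runs offline.

```shell
#!/bin/sh
# Added example (not the article's own code): decide whether a Galaxy device's
# Android security patch level already includes Samsung's September 2025
# release. On a real device the value comes from:
#   adb shell getprop ro.build.version.security_patch
# which prints a date such as 2025-09-01. Here it is passed as an argument.

# Assumption: the September 2025 SMR is the minimum acceptable patch level.
REQUIRED_PATCH_LEVEL="2025-09-01"

# is_iso_date STRING -> exit 0 if STRING has the form YYYY-MM-DD, else 1.
is_iso_date() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# patch_level_ok LEVEL -> exit 0 if LEVEL is at or after the required level,
# 1 if it is older, 2 if LEVEL is malformed. The dashes are stripped so the
# dates compare as integers (20250901), which is POSIX-safe, unlike string '<'.
patch_level_ok() {
    level="$1"
    is_iso_date "$level" || return 2
    have=$(printf '%s' "$level" | tr -d '-')
    need=$(printf '%s' "$REQUIRED_PATCH_LEVEL" | tr -d '-')
    [ "$have" -ge "$need" ] && return 0
    return 1
}

# check_inventory reads "serial patch_level" lines from stdin and prints one
# status line per device. Exit status is the number of devices that still
# need the update (malformed entries are counted as needing attention).
check_inventory() {
    outdated=0
    while read -r serial level; do
        [ -n "$serial" ] || continue
        patch_level_ok "$level"
        rc=$?
        case "$rc" in
            0) printf '%s %s OK\n' "$serial" "$level" ;;
            1) printf '%s %s UPDATE-OR-RETIRE\n' "$serial" "$level"
               outdated=$((outdated + 1)) ;;
            *) printf '%s %s UNREADABLE-PATCH-LEVEL\n' "$serial" "$level"
               outdated=$((outdated + 1)) ;;
        esac
    done
    return "$outdated"
}

# Constructed sample inventory (serials are placeholders, not real devices).
check_inventory <<'EOF'
DEV-PLACEHOLDER-01 2025-10-01
DEV-PLACEHOLDER-02 2025-09-01
DEV-PLACEHOLDER-03 2025-08-01
DEV-PLACEHOLDER-04 unknown
EOF
```

The comparison deliberately uses the patch level rather than the OS version string, because Samsung ships the same security release across many Android versions; a device on an older Android branch can still be current for this fix, and one on the newest branch can still be behind.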
Timely security updates prove a challenge for Samsung, given its weeks-long process to apply patches across its vast array of models, regions and carriers. There is some hope that Google’s shift to quarterly omni-updates, with just critical fixes in between, will help address this. We will know more over the coming months.
Meanwhile, Samsung’s rival in the flagship stakes is upping those stakes yet again for fast security fixes. iOS 26.1 revamps silent background updates for iPhones, enabling those to be pushed to everyone, everywhere, quickly and without any user action required. If it works as billed, it would apply to exactly this kind of emergency update.