![\"Samsung](\"https:\/\/www.newsbeep.com\/us\/wp-content\/uploads\/2025\/09\/1757915711_236_960x0.jpg\")
<\/p>\n<\/p>\n
Update now \u2014 attacks underway<\/p>\n
NurPhoto via Getty Images<\/p>\n
Republished on September 14 with Google\u2019s surprising change to security updates; this will have a huge impact on Samsung users almost immediately. <\/p>\n
Samsung has suddenly warned<\/a> that attacks on Galaxy smartphones are underway. The company has revised its September security update and all eligible phones will now receive the fix. The threat affects devices running Android 13 or newer.<\/p>\n CVE-2025-21043 was reported by WhatsApp in the same way as CVE-2025-55177<\/a>, which affected Apple\u2019s iPhone and was flagged last month. Samsung says it \u201cwas notified that an exploit for this issue has existed in the wild.\u201d<\/p>\n The memory vulnerability within an image-parsing library opens the door for attackers to run malicious code on remote devices. It\u2019s not clear yet if this impacts other messengers or just WhatsApp. But with 3 billion users, WhatsApp is installed on almost all Galaxy phones and so provides a vast attack surface.<\/p>\n ForbesMicrosoft Windows Deadline\u201430 Days To Update Or Stop Using Your PCBy Zak Doffman<\/a><\/p>\n Zimperium\u2019s Brian Thornton told me this zero-day “shows just how fast attackers are shifting to mobile as their way in. In this case, a closed-source image library created a broad risk across Samsung devices and the apps that depend on it.\u201d<\/p>\n Samsung says the risk is an \u201cout-of-bounds write in libimagecodec.quram,\u201d third-party image handling software that has triggered past security interest from Google\u2019s Project Zero<\/a>. The threat was disclosed on August 13 and affects Android 13, 14, 15 and 16.<\/p>\n \u201cBoth Samsung and WhatsApp have released patches to address this issue,\u201d Black Duck\u2019s Nivedita Murthy confirms. \u201cThis recently identified vulnerability can be exploited to gain unauthorized access to a user\u2019s device and its stored data.\u201d<\/p>\n Unsurprisingly the vulnerability has been given a critical severity rating. Unfortunately, Samsung\u2019s challenge is that while applying the fix is urgent, users must await their turn. Unlike Pixel\u2019s or iPhone\u2019s everyone, everywhere update, it\u2019s not as simple with the Galaxy rollout by model, region and carrier.<\/p>\n Given the similar zero-days, this contrasts unfavorably with Apple\u2019s ability to patch all iPhones right away, in much the same way as iOS 26 will be deployed onto iPhones globally next week while most Galaxy owners face a long wait for One UI 8.<\/p>\n As long as your device is on Samsung\u2019s monthly update<\/a> schedule, you will be in line for the fix. Just ensure you install the update and reboot your phone as soon as you can.<\/p>\n