PSA: Samsung says you need to replace your Galaxy cellphone ASAP

In our trendy digital panorama, software program points generally pop up that require pressing fixes. One such repair is at present rolling out for Samsung Galaxy telephones as we communicate, and in the event you haven’t checked your cellphone for updates right now, you could wish to. The bug it fixes is a doozy. 

The difficulty has a really technical title known as CVE-2025-21043. Per Samsung’s replace web page, the bug allowed attackers to conduct an “out-of-bounds write in libimagecodec.quram.so” that “permits distant attackers to execute arbitrary code.” 

In accordance with Google Venture Zero, libimagecodec.quram.so is a closed-source instrument that third-party messaging apps use to parse pictures that attackers might use to hijack an individual’s smartphone. The patch going out to Samsung units now fixes an “incorrect implementation” of the instrument, stopping that from occurring. 

The exploit, which was found in August by WhatsApp’s safety workforce, was reported to Samsung and Apple behind closed doorways in order to not unfold the information. There aren’t any public examples of hackers utilizing this vulnerability, however Samsung’s report notes that the Korean tech big was “made conscious of an exploit within the wild.” Thus, whereas any particular person WhatsApp consumer was unlikely to be focused, the instruments to take action existed. 

WhatsApp has over three billion customers worldwide, so such an exploit might have finished some injury, particularly if it had been made to focus on a number of customers without delay. As PCMag notes, Samsung didn’t point out every other third-party messaging companies in its report, so it is unclear if solely WhatsApp was affected or if different companies might’ve been exploited with the vulnerability. 

Apple was first to the punch to repair the exploit, which it did again in late August. It wasn’t the very same situation as Samsung was going through, however it had an analogous finish impact in that it might trigger telephones to be hijacked. 

Samsung’s replace comes roughly two weeks after Google launched a duo of comparable safety flaws that additionally had exploits noticed within the wild as a part of Android’s month-to-month safety replace for September 2025.