Samsung Issues Emergency Update For Most Galaxy Users

Republished on September 14 with Google’s surprising change to security updates; this will have a huge impact on Samsung users almost immediately.

Samsung has suddenly warned that attacks on Galaxy smartphones are underway. The company has revised its September security update and all eligible phones will now receive the fix. The threat affects devices running Android 13 or newer.

CVE-2025-21043 was reported by WhatsApp in the same way as CVE-2025-55177, which affected Apple’s iPhone and was flagged last month. Samsung says it “was notified that an exploit for this issue has existed in the wild.”

The memory vulnerability within an image-parsing library opens the door for attackers to run malicious code on remote devices. It’s not clear yet if this impacts other messengers or just WhatsApp. But with 3 billion users, WhatsApp is installed on almost all Galaxy phones and so provides a vast attack surface.


Zimperium’s Brian Thornton told me this zero-day “shows just how fast attackers are shifting to mobile as their way in. In this case, a closed-source image library created a broad risk across Samsung devices and the apps that depend on it.”

Samsung says the risk is an “out-of-bounds write in libimagecodec.quram,” third-party image handling software that has triggered past security interest from Google’s Project Zero. The threat was disclosed on August 13 and affects Android 13, 14, 15 and 16.

“Both Samsung and WhatsApp have released patches to address this issue,” Black Duck’s Nivedita Murthy confirms. “This recently identified vulnerability can be exploited to gain unauthorized access to a user’s device and its stored data.”

Unsurprisingly, the vulnerability has been given a critical severity rating. Unfortunately, Samsung’s challenge is that while applying the fix is urgent, users must await their turn. Unlike the Pixel or iPhone, where an update goes to everyone, everywhere, the Galaxy rollout is not as simple: it proceeds by model, region and carrier.

Given the similar zero-days, this contrasts unfavorably with Apple’s ability to patch all iPhones right away. In much the same way, iOS 26 will be deployed onto iPhones globally next week while most Galaxy owners face a long wait for One UI 8.

As long as your device is on Samsung’s monthly update schedule, you will be in line for the fix. Just ensure you install the update and reboot your phone as soon as you can.

Meanwhile, Google has just revealed (via Android Authority) a completely new approach to monthly security updates that will have a major impact on Samsung and how the company updates its Galaxy devices in the future.

Instead of a monthly update that collates all fixes ready at that time and rolls them out, Google’s revised monthly cadence will be reserved for critical fixes only — such as the zero-days it confirmed in the monthly update for this month.


The basket of lesser fixes will roll out quarterly, meaning you’ll have two critical-only monthly updates with a handful of fixes at most, and then a bumper third month.

Samsung wraps Google’s Android updates with its own each month, so we’ll have to wait to see if it adapts its own approach to match Google. Otherwise we’ll find limited Android updates and more Samsung updates two months out of every three.

“If you already receive monthly security updates,” Android Authority says, “you’ll continue to get them. If you don’t, this change may help your device’s manufacturer deliver them more consistently. At the very least, it should make it easier for all OEMs to push out the quarterly updates.”

