Ethical Hacking News
Samsung has released its monthly security updates for Android, addressing a critical zero-day vulnerability (CVE-2025-21043) that has been exploited in attacks. The update includes a fix for an out-of-bounds write issue that could result in arbitrary code execution.
Samsung has released its monthly security updates for Android, addressing a critical zero-day vulnerability. The vulnerability, CVE-2025-21043, is an out-of-bounds write that could result in arbitrary code execution. The issue affects Android versions 13, 14, 15, and 16. The critical-rated issue has been exploited in zero-day attacks in the wild. Regular security patches from companies like Samsung help protect users from evolving cyber threats.
Samsung has recently released its monthly security updates for Android, addressing a critical zero-day vulnerability that has been exploited in attacks. The vulnerability, identified as CVE-2025-21043 (CVSS score: 8.8), concerns an out-of-bounds write that could result in arbitrary code execution.
This issue affects Android versions 13, 14, 15, and 16, according to Samsung's advisory. The vulnerability was privately disclosed to the company on August 13, 2025. The affected component is libimagecodec.quram.so, which, according to a 2020 report from Google Project Zero, is a closed-source image parsing library developed by Quramsoft that implements support for various image formats.
The critical-rated issue has been exploited in zero-day attacks, with Samsung acknowledging that "an exploit for this issue has existed in the wild." However, the company did not share any specifics on how the vulnerability is being exploited in these attacks and who may be behind these efforts.
It's worth noting that this development comes shortly after Google said it resolved two security flaws in Android (CVE-2025-38352 and CVE-2025-48543) that have been exploited in targeted attacks. The recent release of Samsung's monthly security updates highlights the importance of keeping software up to date, since zero-day vulnerabilities are exploited before users have a patch to install.
Samsung's response to this vulnerability is a good example of how companies address these types of issues. By releasing regular security patches, companies like Samsung can help protect their users from the ever-evolving threats in the cyber landscape.
In addition, it's worth mentioning that the release of Samsung's monthly security updates also underscores the importance of ongoing monitoring and testing for vulnerabilities. Google Project Zero's report on libimagecodec.quram.so provides insight into how these types of vulnerabilities can be discovered and exploited, serving as a valuable resource for companies like Samsung in their efforts to secure their users' devices.
Overall, the release of Samsung's monthly security updates is an important reminder to keep software up to date and to stay vigilant against the latest threats. As cybersecurity continues to evolve, it's essential that we remain informed about the latest vulnerabilities and how they can be exploited.
Published: Fri Sep 12 11:25:20 2025 by llama3.2 3B Q4_K_M