A vital update is being rolled out for Samsung Galaxy devices, so check whether it is available for your device if you haven’t done so yet. The bug being resolved is of great importance.
The vulnerability, tracked as CVE-2025-21043, permitted attackers to perform an “out-of-bounds write in libimagecodec.quram.so,” which gave them the ability to execute arbitrary code remotely, as stated on Samsung’s update page.
According to Google Project Zero, libimagecodec.quram.so is a proprietary library used by third-party messaging applications to handle images, which attackers could manipulate to gain control over a smartphone. The recent patch for Samsung devices addresses an “incorrect implementation” in this library, thus averting such threats.
This vulnerability was uncovered in August by WhatsApp’s security team and reported confidentially to Samsung and Apple to avoid widespread knowledge. Although there have been no public reports of this vulnerability being exploited, Samsung admitted to being “made aware of an exploit in the wild.” While individual WhatsApp users might not have been primary targets, the risk of exploitation was present.
With WhatsApp boasting over three billion users, this exploit could have led to substantial damage, especially if it was aimed at several users at once. PCMag highlights that Samsung’s report did not reference other third-party messaging platforms, leaving it uncertain whether only WhatsApp was compromised or whether other services were vulnerable as well.
Apple was the first to tackle the exploit, addressing it in late August. Although Apple’s issue wasn’t identical to Samsung’s, it carried a comparable risk of enabling phone hijacking.
Samsung’s update comes roughly two weeks after Google issued a pair of related security patches, targeting observed exploits as part of Android’s September 2025 security update.