Samsung Rushes Urgent Fix for Spyware Flaw in Galaxy Phones

Samsung has released an urgent security update to fix a dangerous vulnerability that hackers were already exploiting to break into Galaxy phones. The flaw, tracked as CVE-2025-21043, affects devices running Android 13 through Android 16 and could allow attackers to remotely run malicious code.

What Went Wrong

The bug was found in a third-party image processing library called libimagecodec.quram.so. This component is used by Samsung devices to handle different image formats. A coding error known as an “out-of-bounds write” made it possible for attackers to take control of a phone simply by getting it to process a specially crafted image.

The flaw was privately reported to Samsung on August 13 by security teams from Meta and WhatsApp. Samsung later confirmed that an exploit was already being used “in the wild,” meaning attackers had developed and deployed real-world attacks before the fix was available.

The company has not said which models were impacted, but reports suggest popular devices like the Galaxy S25 and S25 Edge are included.

Linked to a Wider Spyware Campaign

What makes this particularly concerning is that the issue may not be limited to WhatsApp. Any app using the same image library could potentially be abused. With WhatsApp alone serving around 3 billion people, the pool of possible victims is enormous.

This vulnerability also appears to be connected to a wider spyware campaign targeting both iPhone and Android users. In August, WhatsApp patched another flaw (CVE-2025-55177) that could be paired with Apple’s own zero-day bug (CVE-2025-43300) to compromise iPhones.

Apple said that attackers had used the flaw in “extremely sophisticated” attacks aimed at specific people, including civil society figures.

Security researchers believe the Samsung flaw could have been chained with WhatsApp’s bug in a similar way, but this time against Android users. Amnesty International has also warned that these so-called “zero-click” exploits—attacks that require no action by the victim—have been used to target journalists, activists, and other high-profile individuals.

What Samsung Users Should Do Now

For Samsung users, the most important step is to update as soon as the September security patch becomes available on your device. Unfortunately, Samsung’s rollout process is staggered by region, carrier, and model, so some customers may need to wait a bit longer. Once the update arrives, install it immediately and restart your phone.

In the meantime, keeping apps updated, avoiding suspicious files, and using reputable mobile security tools like Certo AntiSpy can help reduce risk.

But the bottom line is clear: software updates are your strongest line of defense. Hackers rely on people running outdated systems, so staying current is essential for protecting your data and privacy.