Samsung is advising Galaxy smartphone owners to update their devices as soon as possible after the discovery of a high‑severity vulnerability that could let attackers take over an affected handset using a malicious picture. The patch is beginning to flow down to supported Galaxy models, and the company says there is evidence the bug has been exploited in the wild.
What’s being fixed — and why it matters
Tracked as CVE‑2025‑21043, the issue is an out‑of‑bounds write in libimagecodec.quram.so, a closed‑source image parsing library that, as Samsung’s own security notes and Google’s Project Zero analysis point out, is called by third‑party messaging apps. In plain language: get sent a specially crafted image and you might find yourself with an attacker’s malicious code running on your phone.
Few technical details are public, in order to avoid copycat attacks, but Samsung acknowledges it was made aware of active exploitation. The flaw fits a pattern that security teams worry about: image and media codecs are complex, and when apps automatically generate previews or thumbnails, a “no tap” or “single tap” compromise becomes possible if the parsing layer can be attacked.
Who is affected
The Samsung fix is being delivered as part of its regular security maintenance release to supported Galaxy devices, which include the latest S‑series flagships, the Z Fold and Z Flip ranges and numerous A‑series phones. When the rollout reaches you depends on where you live, which carrier you use and which model you have, so not everyone will get it at exactly the same time—this is a manual check situation.
The problem was discovered and reported privately by WhatsApp’s security team, and Google Project Zero assessed that at least some messaging workflows could be targeted. With WhatsApp in use by more than three billion people across the world, even a narrowly focused exploit can raise the risk considerably. PCMag noted that Samsung didn’t name any other messaging services in its notes, so it’s unclear which apps besides WhatsApp could be affected — given all this, you might as well go ahead and update both your phone and your messaging apps where updates are available.
How to get your Galaxy updated now
Head to Settings > Software update > Download and install on your Galaxy device. Plug in and connect to Wi‑Fi if it’s available. After rebooting, confirm you are on the latest security patch by going to Settings > About phone > Software information.
Also refresh your apps through the Play Store (and Galaxy Store, if you somehow manage to use it). Set automatic updates for both the system and apps to catch fixes as soon as they land. In messaging apps, also disable automatic media downloads and link previews until you have verified that you are fully patched — this mitigates exposure to image parsing bugs.
And last, go to Settings > Security and privacy to make sure Google Play Protect is turned on and you have the latest Google Play system update. Defence in depth is important: the more layers, the harder it is to exploit.
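For anyone checking more than one handset (an IT admin with a drawer of Galaxy devices, say), the “confirm your patch level” step can be done over adb instead of the Settings screen. The script below is an added example, not from the article or from Samsung: it reads the device’s Android security patch level with `getprop` and compares it against the patch level of the release that carries the fix. That required level is an assumption you must set yourself, since the article does not give the patch date; the value in the script is a placeholder.

```shell
#!/bin/sh
# Added example (not from the article): verify a Galaxy device's Android
# security patch level over adb and compare it with the level that carries
# the fix. REQUIRED_PATCH is an ASSUMED placeholder; set it to the patch
# date (YYYY-MM-DD) of the release that contains the fix for your model.
REQUIRED_PATCH="${REQUIRED_PATCH:-2025-09-01}"

# Convert a YYYY-MM-DD patch level into a comparable integer (YYYYMMDD).
# Fails (status 1) if the string is not in that format.
patch_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            echo "$1" | tr -d '-'
            ;;
        *)
            return 1
            ;;
    esac
}

# Succeed (status 0) if the device patch level ($1) is at or after the
# required level ($2); fail if it is older or cannot be parsed.
patch_is_current() {
    dev=$(patch_to_int "$1") || return 1
    req=$(patch_to_int "$2") || return 1
    [ "$dev" -ge "$req" ]
}

# Read the live values from a connected device with USB debugging enabled.
# ro.build.version.security_patch is the same date shown under
# Settings > About phone > Software information.
check_device() {
    patch=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    model=$(adb shell getprop ro.product.model | tr -d '\r')
    if patch_is_current "$patch" "$REQUIRED_PATCH"; then
        echo "$model: patch level $patch is at or after $REQUIRED_PATCH (OK)"
    else
        echo "$model: patch level '$patch' is older than $REQUIRED_PATCH; update via Settings > Software update"
        return 1
    fi
}

# Only talk to adb when explicitly asked, so the functions can be sourced
# and exercised without a device attached.
if [ -n "$ADB_CHECK" ]; then
    check_device
fi
```

Run it as `ADB_CHECK=1 REQUIRED_PATCH=YYYY-MM-DD sh check_patch.sh` with the phone connected; a non‑zero exit status means the device still needs the update. Comparing the date as an integer rather than as a string avoids false results if a vendor ever pads or reformats the field.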
The broader security backdrop
Image parsing vulnerabilities are some of the worst you can get on mobile. The Android world certainly hasn’t forgotten Stagefright, a series of bugs in Android’s media playback engine discovered years ago — which ultimately affected as many as 950 million devices via malicious MMS. More recently, watchdog groups like Citizen Lab and Amnesty Tech have reported “zero‑click” chains that exploit document or image renderers to install spyware.
Other platform suppliers are also moving fast. Apple recently released an associated fix for an image handling bug with a similar endgame — remote code execution — reminding us that media codecs are still very much in the crosshairs. There are also a number of state‑sponsored attacks listed in Google’s Android Security Bulletin over the past few monthly releases, so you cannot really treat updating as just something that would be “nice to have”.
Bottom line
If you have a Samsung Galaxy and haven’t updated to the latest security patch, do so now. This flaw can be triggered simply by receiving an image in a chat, and Samsung has confirmed it has been exploited. By updating your phone and essential apps, enabling automatic updates and tightening media auto‑download settings, you will drastically reduce your risk.