Samsung Issues Emergency Security Update for Galaxy Users
Samsung has issued a sudden warning that Galaxy smartphones are under active attack, prompting the company to release an emergency security update for the majority of its users.
The revised September security update addresses a critical vulnerability affecting devices running Android 13 and later versions.

WhatsApp-Discovered Vulnerability
The threat, designated as CVE-2025-21043, was reported by WhatsApp and bears similarities to CVE-2025-55177, which affected Apple’s iPhones last month. Samsung confirmed it has “received notification that attacks exploiting this vulnerability are actively occurring.”
The zero-day vulnerability stems from a flaw in a third-party image processing library called “libimagecodec.quram” that comes pre-installed on Galaxy smartphones. While WhatsApp discovered and reported the flaw, the vulnerability lies within the Galaxy device’s library rather than the WhatsApp application itself. This means other Android devices not using the same library are unaffected, and iPhone, Windows, and macOS versions of WhatsApp remain secure.
Technical Details and Impact
The vulnerability is an “out-of-bounds write,” a memory-corruption flaw in libimagecodec.quram that could allow attackers to remotely execute malicious code on affected devices. The threat was disclosed on August 13, 2025, and impacts Android versions 13, 14, 15, and 16.
Brian Thornton from Zimperium noted that this zero-day attack demonstrates “how quickly attackers are pivoting to mobile as an attack vector. In this case, a closed-source image processing library has created widespread risk across Samsung devices and the applications that depend on them.”
Given WhatsApp’s massive user base of 3 billion people and its near-universal installation on Galaxy devices, this vulnerability presents an extensive attack surface for cybercriminals.
Samsung’s Update Challenge
The vulnerability has been classified as “critical” severity, requiring immediate patching. However, Samsung faces a significant challenge in update distribution compared to competitors like Apple and Google Pixel, which can deploy updates universally and simultaneously.
Unlike the “everyone, everywhere” approach of iPhone and Pixel devices, Galaxy updates are rolled out gradually based on device model, region, and carrier. This staggered approach means many Galaxy users will have to wait for their turn to receive the critical security fix.
Nivedita Murthy from Black Duck confirmed that “both Samsung and WhatsApp have released patches to address this issue. This vulnerability could be exploited to gain unauthorized access to users’ devices and stored data.”
Google’s New Security Update Policy
In related news, Android Authority has revealed Google’s new approach to monthly security updates, which will significantly impact Samsung and other Android manufacturers.
Instead of bundling all available fixes into monthly updates, Google’s new policy restricts monthly updates to only “critical fixes” such as zero-day vulnerabilities. Less urgent security improvements will be consolidated into quarterly releases.
Under this new system:
- Monthly updates: Limited to critical fixes only, addressing zero-day exploits and severe security flaws
- Quarterly updates: Comprehensive releases including minor fixes and non-urgent security improvements
This means that for two months out of every three, users will receive smaller, critical-fix-only updates, with comprehensive updates delivered every third month.
Samsung typically overlays its own fixes onto Google’s Android updates each month, so it remains to be seen whether the company will align with this new policy or continue its current monthly schedule.
Recommendations for Users
Galaxy users should install the security update as soon as it becomes available for their device and restart their smartphones immediately after installation. While the fix is being rolled out according to Samsung’s monthly update schedule, the staggered nature of Galaxy updates means patience will be required.
As Android Authority notes, “If you’re already receiving monthly security updates, you’ll continue to do so. If not, this policy change might actually make it easier for device manufacturers to provide more consistent updates, or at least make it easier for all OEMs to deliver quarterly updates.”
The incident highlights the ongoing security challenges facing the mobile ecosystem and the critical importance of timely security updates in protecting users from sophisticated cyber threats.