Samsung has recently rolled out its monthly security updates for Android, which include a fix for a security vulnerability that has been exploited in zero-day attacks. The vulnerability, identified as CVE-2025-21043 with a CVSS score of 8.8, involves an out-of-bounds write that could lead to arbitrary code execution. According to Samsung’s advisory, the vulnerability exists in libimagecodec.quram.so and the patch aims to rectify the incorrect implementation.
The library libimagecodec.quram.so is a closed-source image parsing library developed by Quramsoft to support various image formats, as highlighted in a 2020 report from Google Project Zero. Samsung has classified this critical-rated issue as affecting Android versions 13, 14, 15, and 16; the vulnerability was disclosed to the company on August 13, 2025. The company did not provide details on the specific exploitation methods or the actors involved, but it did acknowledge the existence of an exploit in the wild.
In a recent development, Google also addressed two security flaws in Android (CVE-2025-38352 and CVE-2025-48543) that were reportedly leveraged in targeted attacks. The timely release of security patches by both Samsung and Google underscores the ongoing efforts to safeguard mobile devices from potential threats. As mobile security continues to be a top priority, collaboration between manufacturers and software providers remains crucial in ensuring a secure user experience.
