Samsung patched a high-severity 8.8 zero-day Android flaw that it said was exploited in the wild.Made as part of Samsung’s monthly patches, the fix for CVE-2025-21043 involved an out-of-bounds write that, when exploited, results in an arbitrary code execution. It was privately reported to Samsung on Aug. 13.Samsung said the patch fixed an incorrect implementation of libimagecodec.quram, a closed-source image parsing library from Quramsoft that implements support for various image formats.Noelle Murata, senior security engineer at Xcape Inc., said patching is urgent for all impacted Android 13+ devices because the Samsung zero-day has already been exploited in the wild. Murata said teams should use mobile security platforms or MDM to distribute the update, check for compliance, and keep an eye out for signs of compromise related to CVE-2025-21043.“In addition to patching, it's critical to reinforce mobile threat detection and make sure staff members understand not to postpone updates,” said Murata. “History demonstrates that mobile zero-days frequently spread swiftly after going public, even if an exploit appears targeted at the moment.”Brian Thornton, senior sales engineer at Zimperium, said zero-day exploits targeting popular apps and OEM libraries show just how fast attackers are shifting to mobile as their way in. In this case, Thornton said a closed-source image library created a broad risk across Samsung devices and the apps that depend on it.“Security teams should make sure employees update their Samsung devices right away and tighten up mobile defense plans,” said Thornton. “Traditional endpoint tools can’t see these kinds of mobile exploits— dedicated mobile security is key to detecting and defending zero-days in real time.”
Vulnerability Management, Patch/Configuration Management, Endpoint/Device Security, Application security

Samsung patches actively exploited zero-day Android flaw

(Adobe Stock)

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



