{"id":230669,"date":"2025-09-16T06:17:11","date_gmt":"2025-09-16T06:17:11","guid":{"rendered":"https:\/\/www.europesays.com\/us\/230669\/"},"modified":"2025-09-16T06:17:11","modified_gmt":"2025-09-16T06:17:11","slug":"psa-samsung-says-you-should-update-your-galaxy-phone-asap","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/us\/230669\/","title":{"rendered":"PSA: Samsung says you should update your Galaxy phone ASAP"},"content":{"rendered":"<p>In our modern digital landscape, software issues sometimes pop up that require urgent fixes. One such fix is currently rolling out for Samsung Galaxy phones as we speak, and if you haven\u2019t checked your phone for updates today, you may want to. The bug it fixes is a doozy.\u00a0<\/p>\n<p>The issue has a very technical name called CVE-2025-21043. Per <a href=\"https:\/\/security.samsungmobile.com\/securityUpdate.smsb\" target=\"_blank\" data-ga-click=\"1\" data-ga-label=\"$text\" data-ga-item=\"text-link\" data-ga-module=\"content_body\" title=\"(opens in a new window)\" rel=\"noopener\">Samsung\u2019s update page<\/a>, the bug allowed attackers to conduct an \u201cout-of-bounds write in <a href=\"http:\/\/libimagecodec.quram.so\" target=\"_blank\" data-ga-click=\"1\" data-ga-label=\"$text\" data-ga-item=\"text-link\" data-ga-module=\"content_body\" title=\"(opens in a new window)\" rel=\"noopener\">libimagecodec.quram.so<\/a>\u201d that \u201callows remote attackers to execute arbitrary code.\u201d\u00a0<\/p>\n<p>According to <a href=\"https:\/\/googleprojectzero.blogspot.com\/2020\/07\/mms-exploit-part-1-introduction-to-qmage.html\" target=\"_blank\" data-ga-click=\"1\" data-ga-label=\"$text\" data-ga-item=\"text-link\" data-ga-module=\"content_body\" title=\"(opens in a new window)\" rel=\"noopener\">Google Project Zero<\/a>, <a href=\"http:\/\/libimagecodec.quram.so\" target=\"_blank\" data-ga-click=\"1\" data-ga-label=\"$text\" data-ga-item=\"text-link\" data-ga-module=\"content_body\" title=\"(opens in a new window)\" rel=\"noopener\">libimagecodec.quram.so<\/a> is a closed-source tool that third-party messaging apps use to parse images that attackers could use to hijack a person\u2019s smartphone. The patch going out to Samsung devices now fixes an \u201cincorrect implementation\u201d of the tool, preventing that from happening.\u00a0<\/p>\n<p>\n            Mashable Light Speed\n        <\/p>\n<p>\n                        How to update your Galaxy phone\n                    <\/p>\n<ul class=\"font-medium !mt-0\">\n<li>\n                                        Go to Settings in your Galaxy phone\n                                    <\/li>\n<li>\n                                        Select the Software Updates option\n                                    <\/li>\n<li>\n                                        Tap on the &#8220;Download and Install&#8221; option and follow instructions\n                                    <\/li>\n<\/ul>\n<p>The exploit, which was <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/samsung-patches-actively-exploited-zero-day-reported-by-whatsapp\/\" target=\"_blank\" data-ga-click=\"1\" data-ga-label=\"$text\" data-ga-item=\"text-link\" data-ga-module=\"content_body\" title=\"(opens in a new window)\" rel=\"noopener\">discovered in<\/a> August by WhatsApp\u2019s security team, was reported to Samsung and Apple behind closed doors so as not to spread the news. There aren\u2019t any public examples of hackers using this vulnerability, but Samsung\u2019s report notes that the Korean tech giant was \u201cmade aware of an exploit in the wild.\u201d Thus, while any individual WhatsApp user was unlikely to be targeted, the tools to do so existed.\u00a0<\/p>\n<p>WhatsApp has over three billion users worldwide, so such an exploit could have done some damage, especially if it were made to target multiple users at once. As <a href=\"https:\/\/www.pcmag.com\/news\/update-your-samsung-phone-major-new-security-fix-ready-to-download\" target=\"_blank\" data-ga-click=\"1\" data-ga-label=\"$text\" data-ga-item=\"text-link\" data-ga-module=\"content_body\" title=\"(opens in a new window)\" rel=\"noopener\">PCMag notes<\/a>, Samsung didn\u2019t mention any other third-party messaging services in its report, so it&#8217;s unclear if only WhatsApp was affected or if other services could\u2019ve been exploited with the vulnerability.\u00a0<\/p>\n<p>Apple was first to the punch to fix the exploit, <a href=\"https:\/\/support.apple.com\/en-us\/124925\" target=\"_blank\" data-ga-click=\"1\" data-ga-label=\"$text\" data-ga-item=\"text-link\" data-ga-module=\"content_body\" title=\"(opens in a new window)\" rel=\"noopener\">which it did<\/a> back in late August. It wasn\u2019t the exact same issue as Samsung was facing, but it had a similar end effect in that it could cause phones to be hijacked.\u00a0<\/p>\n<p>Samsung\u2019s update comes approximately two weeks after Google released a <a href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2025-09-01\" target=\"_blank\" data-ga-click=\"1\" data-ga-label=\"$text\" data-ga-item=\"text-link\" data-ga-module=\"content_body\" title=\"(opens in a new window)\" rel=\"noopener\">duo of similar security flaws<\/a> that also had exploits observed in the wild as part of Android\u2019s monthly security update for September 2025.\u00a0<\/p>\n<p>\n        Topics<br \/>\n                    <a class=\"underline-link hover:no-underline text-secondary-300 mr-1.5\" href=\"https:\/\/mashable.com\/category\/cybersecurity\" aria-label=\"Navigate to the Cybersecurity tag\" data-ga-click=\"\" data-ga-label=\"$text\" target=\"_blank\" rel=\"noopener\">Cybersecurity<\/a><br \/>\n                    <a class=\"underline-link hover:no-underline text-secondary-300 \" href=\"https:\/\/mashable.com\/category\/samsung\" aria-label=\"Navigate to the Samsung tag\" data-ga-click=\"\" data-ga-label=\"$text\" target=\"_blank\" rel=\"noopener\">Samsung<\/a>\n            <\/p>\n","protected":false},"excerpt":{"rendered":"In our modern digital landscape, software issues sometimes pop up that require urgent fixes. One such fix is&hellip;\n","protected":false},"author":3,"featured_media":230670,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[611,158,67,132,68],"class_list":{"0":"post-230669","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-mobile","8":"tag-mobile","9":"tag-technology","10":"tag-united-states","11":"tag-unitedstates","12":"tag-us"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@us\/115212520179732275","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/posts\/230669","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/comments?post=230669"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/posts\/230669\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/media\/230670"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/media?parent=230669"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/categories?post=230669"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/tags?post=230669"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}