What you need to know and do now
Samsung has released an emergency September 2025 security update fixing a critical image-parsing zero-day (CVE-2025-21043) that was actively exploited in the wild. If you own a Galaxy device running Android 13 through 16, install the update immediately.
What happened
In September 2025 Samsung shipped a security update that patches a critical remote-code-execution vulnerability tracked as CVE-2025-21043. The bug is an out-of-bounds write in a Samsung image-parsing library (`libimagecodec.quram.so`): a crafted image that reaches the decoder can corrupt memory and let an attacker run arbitrary code on the device. Samsung confirmed the issue had been exploited in the wild, prompting an urgent rollout. Samsung classifies the flaw as Critical, and public vulnerability records and reporting rate it as high severity. It affects Galaxy devices running Android 13, 14, 15, and 16, and the fix ships in Samsung's Security Maintenance Release (SMR) for September 2025.
Who’s at risk
Samsung Galaxy phones and tablets on Android 13 through 16 are in scope. The exploit is especially dangerous because the device decodes images on the attacker's behalf: a malicious image delivered through a messaging app or loaded by a webpage can trigger the bug remotely, and in some attack chains it needs no user interaction at all, the hallmark of a zero-click attack.
Why this matters
Zero-day RCE bugs that fire when a device simply processes an image are attractive to state-sponsored and commercial spyware operators: they let an attacker silently compromise a device, install surveillance tooling, read messages, and exfiltrate data. Once such an exploit is in circulation, unpatched devices become high-value targets.
What you should do right now (step-by-step)
1. Check for system updates: Settings → Software update → Download and install. Install any September 2025 (or later) security update offered for your device, then reboot. To confirm, open Settings → About phone → Software information and check that the Android security patch level reads 1 September 2025 or later.
2. If you can't update yet (carrier, model or region delay): avoid opening unknown links or images, do not download attachments from untrusted sources, and consider temporarily limiting sensitive communications.
3. Enable automatic updates so future SMRs apply promptly.
4. Harden the device: enable a screen lock, use a strong passcode, turn on two-factor authentication for your accounts, and keep apps (especially messaging apps) updated.
5. Monitor for suspicious behaviour: unexpected battery drain, messages you didn't send, unknown apps, or abnormal data usage can be signs of compromise. If you see them, isolate the device (turn off Wi-Fi and mobile data), back up important data, and seek a forensic check or a factory reset after consultation.
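For anyone checking more than one handset, the patch-level test in step 1 can be done over USB debugging instead of by hand. The script below is an added example, not code from Samsung or from the original article. It reads `adb shell getprop` output, identifies a Samsung device on an affected Android release (API levels 33 to 36), and compares `ro.build.version.security_patch` against 2025-09-01. The assumption, stated in the code as well, is that a Samsung build at the September 2025 patch level or later carries the September SMR and therefore the CVE-2025-21043 fix; a build at that level from a non-Samsung vendor says nothing about this CVE, and carrier builds can lag the level Samsung ships. The getprop dump embedded in the script is constructed for illustration.

```python
"""
Check whether a Galaxy device's Android security patch level is at or past
the level that shipped the CVE-2025-21043 fix (Samsung's September 2025 SMR).

Feed parse_getprop() the text of `adb shell getprop`, or run this file with
adb on PATH and a USB-debugging-enabled device attached. Added example, not
Samsung's own tooling.
"""
import re
import shutil
import subprocess
from datetime import date
from typing import Optional

# Assumption (not a statement from Samsung): a Samsung build whose
# ro.build.version.security_patch is 2025-09-01 or later carries the
# September 2025 SMR and therefore the CVE-2025-21043 fix.
FIXED_PATCH_LEVEL = date(2025, 9, 1)

# Android releases named in the advisory as affected, keyed by API level.
AFFECTED_SDK = {33: "13", 34: "14", 35: "15", 36: "16"}

# getprop prints one property per line as "[name]: [value]".
_PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

# Constructed sample of `adb shell getprop` output for an unpatched device.
SAMPLE_GETPROP = """\
[ro.product.manufacturer]: [samsung]
[ro.build.version.release]: [14]
[ro.build.version.sdk]: [34]
[ro.build.version.security_patch]: [2025-08-01]
"""


def parse_getprop(text: str) -> dict:
    """Turn a getprop dump into a {name: value} dict; ignore malformed lines."""
    props = {}
    for line in text.splitlines():
        m = _PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def parse_patch_level(value: str) -> date:
    """Patch levels are YYYY-MM-DD; raise on anything else rather than guess."""
    year, month, day = (int(part) for part in value.split("-"))
    return date(year, month, day)


def assess(props: dict) -> dict:
    """Decide whether the device is in scope for CVE-2025-21043 and patched."""
    manufacturer = props.get("ro.product.manufacturer", "").lower()
    sdk = int(props.get("ro.build.version.sdk", "0") or 0)
    patch_raw = props.get("ro.build.version.security_patch", "")

    in_scope = manufacturer == "samsung" and sdk in AFFECTED_SDK
    patched: Optional[bool] = None
    if patch_raw:
        patched = parse_patch_level(patch_raw) >= FIXED_PATCH_LEVEL

    if not in_scope:
        action = "not in scope for CVE-2025-21043"
    elif patched is None:
        action = "patch level unreadable; check Settings > Software update"
    elif patched:
        action = "patched (September 2025 SMR or later)"
    else:
        action = "UPDATE NOW: patch level predates the September 2025 SMR"

    return {
        "manufacturer": manufacturer,
        "android": AFFECTED_SDK.get(sdk, f"sdk{sdk}"),
        "security_patch": patch_raw,
        "in_scope": in_scope,
        "patched": patched,
        "action": action,
    }


def assess_connected_device() -> Optional[dict]:
    """Query the attached device via adb; None if adb or a device is missing."""
    if shutil.which("adb") is None:
        return None
    try:
        out = subprocess.run(["adb", "shell", "getprop"], capture_output=True,
                             text=True, check=True).stdout
    except subprocess.CalledProcessError:
        return None
    return assess(parse_getprop(out))


if __name__ == "__main__":
    verdict = assess_connected_device() or assess(parse_getprop(SAMPLE_GETPROP))
    for key, value in verdict.items():
        print(f"{key}: {value}")
```

The verdict is only as good as the build string: a device that reports 2025-09-01 but was flashed with a third-party or carrier image may not contain Samsung's SMR, so treat "patched" as a screening result and the Settings screen as the source of truth.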