Samsung patches actively exploited zero-day reported by WhatsApp

Tracked as CVE-2025-21043, this critical security flaw affects Samsung devices running Android 13 or later and was reported by the security teams of Meta and WhatsApp on August 13.

As Samsung explains in a recently updated advisory, this vulnerability was discovered in libimagecodec.quram.so, a closed-source image parsing library developed by Quramsoft that implements support for various image formats. It is caused by an out-of-bounds write weakness that allows attackers to remotely execute malicious code on vulnerable devices.

Although Apple and WhatsApp haven’t released any details regarding the attacks chaining CVE-2025-55177 and CVE-2025-43300, Donncha Ó Cearbhaill (the head of Amnesty International’s Security Lab) said that WhatsApp has warned some users that their devices were targeted in an advanced spyware campaign.

To read the complete article, see: Bleeping Computer

This post is licensed under CC BY 4.0 by the author.