Samsung has patched a critical remote code execution vulnerability that was actively exploited in zero-day attacks on its Android devices. The security flaw, tracked as CVE-2025-21043, was found in an image parsing library and affects Samsung phones running Android 13 or newer. Samsung confirmed that the vulnerability allowed hackers to execute malicious code on a device remotely, and that an exploit for the issue had been discovered "in the wild."
The vulnerability was reported to Samsung by the security teams at Meta and WhatsApp. A Meta spokesperson said they shared their findings as part of a proactive investigation into a highly targeted exploit that occurred over the summer. This is likely the same spyware campaign that leveraged a "zero-click" flaw in WhatsApp's iOS and macOS clients, which was chained with a related vulnerability in Apple's software.
That particular attack was described as "extremely sophisticated," and a human rights organization confirmed that WhatsApp had warned some users that their devices had been targeted. In response, Apple patched its vulnerability last month, and Samsung followed with a patch for its own flaw this week.
In a separate but related development, hackers also recently started deploying malware on unpatched Samsung MagicINFO 9 Servers. That vulnerability, tracked as CVE-2024-7399, is an unauthenticated remote code execution flaw in a content management system used by businesses in a variety of industries, including retail and hospitality.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
