Samsung has issued a critical patch for an Android 0-day vulnerability (CVE-2025-21043) affecting OS versions 13-16, which allowed remote code execution and was actively exploited, potentially enabling surveillance of WhatsApp messages. Discovered by Meta, this flaw appears to have been chained with a WhatsApp bug in sophisticated, targeted attacks, mirroring a similar exploit chain previously observed on Apple devices. This underscores the persistent threat of advanced surveillanceware targeting high-value individuals across major mobile platforms.
Samsung has addressed a critical zero-day vulnerability, CVE-2025-21043, in its Android OS versions 13 through 16, confirming that an exploit was active in the wild prior to the patch. The flaw, an out-of-bounds write in an image processing library, permitted remote code execution and was reported by Meta's security team. The exploit's significance is amplified by its potential to be chained with a separate WhatsApp vulnerability (CVE-2025-55177), enabling targeted surveillance. This situation mirrors a recent, similar attack vector on Apple devices, where the same WhatsApp flaw was combined with an iOS-level vulnerability (CVE-2025-43300). The repeated use of this attack pattern across both major mobile ecosystems highlights a systemic threat from sophisticated surveillanceware, likely from commercial or state-sponsored actors, targeting widely used communication platforms. While Meta (META) appears proactive by discovering and reporting the issue, the vulnerability underscores persistent security risks for both Apple (AAPL) and the broader Android ecosystem, challenging the security premium often attributed to these platforms.
AI-powered research, real-time alerts, and portfolio analytics for institutional investors.
Request a DemoOverall Sentiment
strongly negative
Sentiment Score
-0.60
Ticker Sentiment
