Samsung has issued a critical security patch for Android devices addressing CVE-2025-21043, an actively exploited out-of-bounds write vulnerability in its image parsing library that enables remote code execution. Reported by Meta and WhatsApp, this flaw is implicated in sophisticated spyware campaigns targeting WhatsApp users on both Android and iPhone, underscoring persistent threats from commercial spyware vendors against widely adopted mobile platforms.
Samsung has released a critical security update for an actively exploited zero-day vulnerability, CVE-2025-21043, which carries a high-severity CVSS score of 8.8. The flaw, an out-of-bounds write issue in a core image parsing library, allows for remote code execution, posing a significant threat to device integrity. The vulnerability was reported by Meta's WhatsApp security team, implicating the messaging app as a potential attack vector. This event is not isolated to Samsung's Android ecosystem; the advisory links it to a sophisticated spyware campaign that also targeted a similar vulnerability (CVE-2025-43300) on Apple's iOS, iPadOS, and macOS. The coordinated nature of the attacks, attributed to commercial spyware vendors targeting specific users like journalists, highlights a persistent systemic risk for major mobile platforms. While the news is directly negative for Samsung and reflects poorly on Apple's platform security, it positions Meta's security team in a proactive and responsible light for identifying and disclosing the threat to its industry peers.
Overall Sentiment: strongly negative
Sentiment Score: -0.70
Ticker Sentiment