Samsung released its September 2025 security update to fix a critical zero-day vulnerability that hackers are actively exploiting. The flaw, tracked as CVE-2025-21043, affects Galaxy devices running Android 13-16 and allows remote attackers to execute malicious code by tricking users into processing specially crafted images.
Meta and WhatsApp security teams discovered and privately reported the vulnerability. Samsung confirmed exploits already exist in the wild, making immediate patching crucial. The update also fixes 24 other security flaws, including high-severity issues that could let local attackers run arbitrary code.
Users should install the update immediately through Settings > Software update > Download and install.
Source: Cybersecurity News