Samsung Issues Emergency Update For Most Galaxy Users

Republished on September 15 with Samsung’s confirmation that One UI 8 is now rolling out, and the implications for users given this emergency security update.
Samsung has suddenly warned that attacks on Galaxy smartphones are underway. The company has revised its September security update and all eligible phones will now receive the fix. The threat affects devices running Android 13 or newer.
CVE-2025-21043 was reported by WhatsApp in the same way as CVE-2025-55177, which affected Apple’s iPhone and was flagged last month. Samsung says it “was notified that an exploit for this issue has existed in the wild.”
The memory vulnerability within an image-parsing library opens the door for attackers to run malicious code on remote devices. It’s not clear yet if this impacts other messengers or just WhatsApp. But with 3 billion users, WhatsApp is installed on almost all Galaxy phones and so provides a vast attack surface.
Zimperium’s Brian Thornton told me this zero-day “shows just how fast attackers are shifting to mobile as their way in. In this case, a closed-source image library created a broad risk across Samsung devices and the apps that depend on it.”
Samsung says the risk is an “out-of-bounds write in libimagecodec.quram,” third-party image handling software that has triggered past security interest from Google’s Project Zero. The threat was disclosed on August 13 and affects Android 13, 14, 15 and 16.
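The bug class Samsung describes, an out-of-bounds write inside an image decoder, illustrated with an added C example that is not Samsung's, Quram's or WhatsApp's code: a toy run-length codec (a constructed format, not libimagecodec.quram's, with an assumed pixel cap) showing the unchecked write beside its bounded replacement and a dimension check that rejects an overflowing width times height.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Toy run-length image codec, constructed for this example. It is NOT the format
 * or the code of libimagecodec.quram; it only illustrates the bug class named in
 * the article: an out-of-bounds write driven by attacker-controlled lengths. */
#define MAX_PIXELS (64u * 1024u * 1024u)   /* decoder policy cap (an assumption) */

/* Output size from header dimensions, rejecting zero, overflow and oversize. */
size_t safe_pixel_count(uint32_t width, uint32_t height) {
    if (width == 0 || height == 0) return 0;
    if (width > MAX_PIXELS / height) return 0;   /* w*h would exceed the cap */
    return (size_t)width * height;
}

/* Vulnerable pattern, shown for contrast: the run length comes straight from the
 * file, so a run longer than the remaining output writes past the end of out[]. */
void rle_decode_unchecked(const uint8_t *in, size_t in_len, uint8_t *out) {
    size_t pos = 0;
    for (size_t i = 0; i + 1 < in_len; i += 2) {
        memset(out + pos, in[i + 1], in[i]);     /* no bound on pos + run */
        pos += in[i];
    }
}

/* Hardened decoder: every write is bounded by the declared output size. */
int rle_decode_checked(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_len) {
    size_t pos = 0;
    for (size_t i = 0; i + 1 < in_len; i += 2) {
        size_t run = in[i];
        if (run > out_len - pos) return -1;      /* would write out of bounds */
        memset(out + pos, in[i + 1], run);
        pos += run;
    }
    return pos == out_len ? 0 : -1;              /* short or truncated body is also an error */
}

/* Header (width u16 LE, height u16 LE) then RLE body; returns pixel count or -1. */
long decode_toy_image(const uint8_t *file, size_t len, uint8_t *out, size_t out_cap) {
    if (len < 4) return -1;
    uint32_t w = file[0] | (file[1] << 8), h = file[2] | (file[3] << 8);
    size_t n = safe_pixel_count(w, h);
    if (n == 0 || n > out_cap) return -1;
    return rle_decode_checked(file + 4, len - 4, out, n) == 0 ? (long)n : -1;
}

/* Constructed sample files (not real captures). */
const uint8_t BENIGN_IMG[]    = {2, 0, 2, 0, 4, 0xAB};          /* 2x2, one run of 4 */
const uint8_t OVERRUN_IMG[]   = {2, 0, 2, 0, 200, 0x41};        /* 2x2 header, 200-byte run */
const uint8_t HUGE_DIMS_IMG[] = {0xFF, 0xFF, 0xFF, 0xFF, 1, 0}; /* 65535 x 65535 */
```

Fed `OVERRUN_IMG`, the unchecked decoder would write 196 bytes past a 4-byte buffer; the checked decoder refuses it before touching memory.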
“Both Samsung and WhatsApp have released patches to address this issue,” Black Duck’s Nivedita Murthy confirms. “This recently identified vulnerability can be exploited to gain unauthorized access to a user’s device and its stored data.”
Unsurprisingly, the vulnerability has been given a critical severity rating. Unfortunately, Samsung’s challenge is that while applying the fix is urgent, users must await their turn. Unlike the Pixel or iPhone approach, where everyone everywhere gets the update at once, the Galaxy rollout is staggered by model, region and carrier.
Given the similar zero-days, this contrasts unfavorably with Apple’s ability to patch all iPhones right away, in much the same way as iOS 26 will be deployed onto iPhones globally next week while most Galaxy owners face a long wait for One UI 8.
As long as your device is on Samsung’s monthly update schedule, you will be in line for the fix. Just ensure you install the update and reboot your phone as soon as you can.
Meanwhile, Google has just revealed (via Android Authority) a completely new approach to monthly security updates that will have a major impact on Samsung and how the company updates its Galaxy devices in the future.
Instead of a monthly update that collates all fixes ready at that time and rolls them out, Google’s revised monthly cadence will be reserved for critical fixes only — such as the zero-days it confirmed in the monthly update for this month.
The basket of lesser fixes will roll out quarterly, meaning you’ll have two critical-only monthly updates with a handful of fixes at most, and then a bumper third month.
Samsung wraps Google’s Android updates with its own each month, so we’ll have to wait to see if it adapts its own approach to match Google. Otherwise we’ll find limited Android updates and more Samsung updates two months out of every three.
“If you already receive monthly security updates,” Android Authority says, “you’ll continue to get them. If you don’t, this change may help your device’s manufacturer deliver them more consistently. At the very least, it should make it easier for all OEMs to push out the quarterly updates.”
This could be good news for users. Per Phandroid, “this risk-based system tackles a longtime Android problem. Phone manufacturers have always struggled with monthly security updates, especially for budget devices. By focusing monthly releases on truly dangerous threats, Google makes it easier for manufacturers to keep devices protected without overwhelming their update pipelines.”
But it’s Samsung’s flagships that will be in focus this month, as the company finally confirms the rollout of One UI 8. “More users,” it announced Monday, “will be able to use advanced and personalized AI in their daily lives, taking one more step further towards AI democratization.” It also includes new security upgrades.
Knox Enhanced Encrypted Protection, the company says, has been designed “to safeguard the next generation of AI experiences used by Galaxy’s Personal Data Engine.” This works by creating encrypted “app-specific storage environments within the device, ensuring each app can only access its own sensitive information.”
And on the Knox theme, One UI 8 also “automatically signs devices out of the Samsung Account if flagged for serious risks. It sends notifications across connected Galaxy devices and gives additional guidance on how to protect data.”
And the company’s “upgraded Secure Wi-Fi with post-quantum cryptography (PQC)” has been developed to better secure devices against network threats, even on public WiFi.
If you are upgrading, then you should note that CVE-2025-21043 affects Android 16 as well as Android 13, 14 and 15. That means if you move to One UI 8 before applying September’s security update, you need to ensure that you’re running the latest version of the One UI 8 software and that it includes the fix.