Samsung is urging Galaxy phone users to immediately update their devices to address a critical security vulnerability.

A serious software flaw leads Samsung to issue a warning to all Galaxy phone owners.
Samsung Galaxy users should be aware of a recent security alert. A critical vulnerability is being actively exploited on Galaxy phones, including models like the Galaxy S25 and Galaxy S25 Edge. Samsung has released an updated September security patch to address this issue. The vulnerability, identified as CVE-2025-21043, affects Samsung Galaxy devices operating on Android 13 and later.
Reported by WhatsApp, the flaw is rated as critical. It is not yet known whether the problem extends beyond WhatsApp to other messaging apps. The vulnerability impacts a large user base of 3 billion active WhatsApp users. CVE-2025-21043 is located in a closed-source image parsing library from Quramsoft, where it can lead to an out-of-bounds write.
A remote attacker could exploit this by sending a specially crafted image file to a vulnerable device. When the device processes the image, malicious code could be written to an unintended memory location. This out-of-bounds write could allow the attacker to execute arbitrary code, gaining control of the device and access to the victim's data.
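The bug class described above, shown from the defensive side as an added example. This is not Quramsoft's code (the library is closed-source and the defect itself is not described here); the toy image format, function names and sample bytes are all constructed for illustration. The decoder treats every size in the file header as untrusted and validates it before copying pixels into a fixed buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy format, not a real one: width and height as little-endian
 * 16-bit values, followed by width*height one-byte pixels. */
#define HDR_LEN 4u
enum decode_status { DEC_OK, DEC_TRUNCATED, DEC_BAD_DIMS, DEC_TOO_BIG };

/* Every size read from the file is untrusted and checked before any write. */
enum decode_status decode_toy_image(const uint8_t *in, size_t in_len,
                                    uint8_t *out, size_t out_cap)
{
    if (in_len < HDR_LEN)
        return DEC_TRUNCATED;
    size_t w = (size_t)in[0] | ((size_t)in[1] << 8);
    size_t h = (size_t)in[2] | ((size_t)in[3] << 8);
    if (w == 0 || h == 0 || w > SIZE_MAX / h)  /* empty or wrapping sizes */
        return DEC_BAD_DIMS;
    size_t need = w * h;
    /* Omitting this check lets a header that claims more pixels than the
     * buffer holds turn the copy below into an out-of-bounds write. */
    if (need > out_cap)
        return DEC_TOO_BIG;
    /* Omitting this check lets a short file make the copy read past `in`. */
    if (need > in_len - HDR_LEN)
        return DEC_TRUNCATED;
    memcpy(out, in + HDR_LEN, need);
    return DEC_OK;
}

/* Constructed sample files. */
const uint8_t GOOD[]      = { 2, 0, 2, 0, 10, 20, 30, 40 };    /* 2x2 image */
const uint8_t OVERSIZED[] = { 0xFF, 0xFF, 0xFF, 0xFF, 1, 2 };  /* claims 65535x65535 */
const uint8_t CUT_SHORT[] = { 4, 0, 4, 0, 1, 2, 3 };           /* 4x4, only 3 pixels */

enum decode_status try_decode(const uint8_t *in, size_t in_len)
{
    uint8_t out[16];  /* fixed-size destination buffer */
    return decode_toy_image(in, in_len, out, sizeof out);
}

int main(void)
{
    printf("%d %d %d\n", try_decode(GOOD, sizeof GOOD),
           try_decode(OVERSIZED, sizeof OVERSIZED), try_decode(CUT_SHORT, sizeof CUT_SHORT));
    return 0;
}
```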
The attack is zero-click, meaning no user interaction is required, which makes it more dangerous than phishing. The attack occurs in the background, making it difficult to detect. Such attacks are considered rare due to their complexity.
These sophisticated attacks are usually carried out by well-resourced entities, such as nation-states, targeting high-profile individuals like journalists, politicians, diplomats, and government defense employees for espionage.
Last month, WhatsApp patched a similar zero-click vulnerability affecting iPhones, which involved "incomplete authorization of linked device synchronization messages," potentially allowing unauthorized triggering of content processing from an arbitrary URL. This vulnerability, along with another one addressed last month, was used in a sophisticated attack against specific users.
To protect yourself, ensure your Galaxy phone is updated to the latest Android version and that all apps are current. Samsung updates may vary by phone model, country, and carrier, so updates are staggered. Install updates as soon as they become available for your device.
Although these attacks are targeted, taking precautions is essential. Devices lacking the latest OS version and security patch are more vulnerable. Keeping your device updated is a simple yet effective way to enhance your security.