Android libimagecodec.quram.so out-of-bounds write memory corruption flaw (CVE-2025-21043)
Vulnerability
Summary
Samsung fixed CVE-2025-21043, an out-of-bounds write in libimagecodec.quram.so that was exploited in zero-day attacks and exposes devices running Android 13, 14, 15, and 16 to arbitrary code execution. The flaw was privately disclosed on August 13, 2025, and the fix later shipped in Samsung's September 2025 security update.
Related Happenings
SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases
Malware Activity
First: 03.04.2026 12:10
Last: 03.04.2026 12:10
Sources 1
About this happening:
The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...
NoVoice Android malware hidden in Google Play apps
Malware Activity
First: 01.04.2026 21:07
Last: 01.04.2026 21:07
Sources 1
About this happening:
**NoVoice** Android malware was found hidden in **more than 50 Google Play apps**, exposing **at least 2.3 million downloads** to compromise. After installation, it used **old And...
Perseus Android note-stealing and remote-control malware activity
Malware Activity
First: 19.03.2026 12:13
Last: 19.03.2026 12:13
Sources 1
About this happening:
The **Perseus** Android malware is now being used to inspect user notes for secrets, creating theft risk for **passwords**, **recovery phrases**, and **financial data**. It is als...
Google Play Protect and Play Integrity API expand Android anti-abuse controls in 2025
Security Tool/Service
First: 19.02.2026 19:00
Last: 19.02.2026 19:00
Sources 1
About this happening:
Google expanded **Play Protect** and **Play Integrity API** anti-abuse controls for Android apps in **2025**, strengthening protection across the app ecosystem. The update matters...
LandFall spyware deployment via malicious WhatsApp .DNG images
Malware Activity
First: 07.11.2025 20:23
Last: 07.11.2025 20:23
Sources 1
About this happening:
The **LandFall** spyware operation used malicious **.DNG** images sent over **WhatsApp** to exploit Samsung’s **CVE-2025-21042**, execute code on targeted Galaxy phones, and keep...
Latest development: 10.11.2025 22:00
CISA added CVE-2025-21042 to its Known Exploited Vulnerabilities catalog and ordered Federal Civilian Executive Branch agencies to secure Samsung devices against ongoing LandFall spyware attacks within three weeks, with a deadline of December 1. The guidance follows confirmation that the Samsung libimagecodec.quram.so flaw was exploited as a zero-day to deploy LandFall spyware on WhatsApp users.
Timeline
12.09.2025 18:16 · 1 article
Private disclosure of CVE-2025-21043 to Samsung
Initial Disclosure: Samsung privately received disclosure of CVE-2025-21043, an out-of-bounds write in libimagecodec.quram.so, developed by Quramsoft, that could enable remote code execution on Android 13, 14, 15, and 16 devices.
Sources:
- Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks — thehackernews.com — 12.09.2025 18:16
12.09.2025 18:16 · 2 articles
Samsung ships Android security update for CVE-2025-21043
Mitigation Patch Update: Samsung's monthly Android security update fixed CVE-2025-21043, which affects libimagecodec.quram.so prior to SMR Sep-2025 Release 1, after Samsung acknowledged that an exploit for the issue existed in the wild and that the flaw had been used in zero-day attacks.
Sources:
- Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks — thehackernews.com — 12.09.2025 18:16