Samsung has released an urgent security update for Galaxy smartphones after a critical vulnerability was discovered in a third-party image-processing library. The flaw, identified by WhatsApp’s security team, is an “out-of-bounds write” error in image parsing that allows malicious code execution. That means attackers could potentially take over parts of a device silently.
This problem affects many Galaxy models running Android 13 or newer. Because the image-parsing library is used by common apps, including messaging tools, a malicious image file could be enough for a remote exploit. WhatsApp and Samsung both confirmed the vulnerability had already been used in “in the wild” attacks, which means real devices have been targeted.
Samsung is urging all users with eligible Galaxy phones or tablets to install the update as soon as possible. Devices with automatic software updates enabled should receive the patch when it becomes available. Other users should manually check for updates via their phone’s system settings. The rollout of the patch depends on device model, carrier, and region, so not everyone will receive it at the same time.
According to Samsung, delaying the update even by a short while increases risk, since attackers are actively exploiting the vulnerability. The company is also working with app developers to patch any apps that use the vulnerable library. Users are advised to restart their devices once the update installs to ensure the fix takes full effect.