CISA Warns of Actively Exploited 0-Day RCE Vulnerability in Samsung Mobile Devices

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical remote code execution vulnerability affecting Samsung mobile devices that is actively being exploited in real-world attacks.

The flaw resides in the libimagecodec.quram.so library, a core component used for image processing on Samsung phones.

Critical Security Flaw Puts Millions of Users at Risk

The out-of-bounds write vulnerability allows attackers to bypass normal memory restrictions and inject arbitrary code directly into Samsung devices.

By exploiting this flaw, remote attackers can gain complete control over affected phones without requiring user interaction or device compromise.

This represents a particularly dangerous threat vector because the vulnerability operates at the system library level, giving attackers privileged access to sensitive device functions.

The vulnerability is classified under CWE-787 (Out-of-Bounds Write), a weakness category associated with memory corruption attacks.

Security researchers have confirmed that this vulnerability is actively being exploited in attacks, though the extent and specific threat actors behind the exploitation remain under investigation.

CISA has not yet confirmed whether this flaw is being used in active ransomware campaigns, but the risk assessment remains critical.

CISA has provided clear guidance for affected users and organizations. Device owners should immediately apply any available security patches released by Samsung for their specific phone models.

Organizations managing Samsung mobile devices should follow applicable BOD 22-01 guidance, which establishes security requirements for federal cloud services and connected systems.

For users unable to apply patches immediately, CISA recommends discontinuing use of affected devices until updates become available.

This vulnerability highlights the ongoing risks associated with mobile device security. Samsung has been notified and is expected to release patches through standard security update channels.

Users should immediately enable automatic updates and check for pending security patches in their device settings.

CVE Details Table

| Field | Details |
| --- | --- |
| Vulnerability Type | Out-of-Bounds Write (Remote Code Execution) |
| Affected Component | libimagecodec.quram.so |
| Target Devices | Samsung Mobile Devices |
| Attack Vector | Remote |
| Related CWE | CWE-787 |
| Exploitation Status | Active exploitation confirmed |
| Ransomware Association | Unknown |
| Recommended Action | Apply vendor patches or discontinue device use |

This warning underscores the importance of keeping mobile devices up to date and monitoring security advisories from trusted sources such as CISA.

The post CISA Warns of Actively Exploited 0-Day RCE Vulnerability in Samsung Mobile Devices appeared first on Cyber Security News.

rssfeeds-admin
