SINGAPORE – The Cyber Security Agency of Singapore (CSA) has advised that users of Samsung Android devices update their software, amid concerns over a vulnerability that could be exploited by attackers.
The South Korean tech giant had released security updates addressing a high-severity vulnerability in millions of Samsung devices using Android 13, 14, 15 and 16.
Users of affected devices should go to their device’s settings menu and check for a software update issued in September.
The vulnerability – CVE-2025-21043 – could be exploited by an attacker to remotely gain access to devices and install malicious code without the users knowing it. If left unfixed, cyber criminals could steal confidential data and drain bank accounts.
“Users of affected product versions are strongly advised to update to the latest versions immediately,” CSA said.
The devices that need to be updated include Samsung’s flagship devices such as the Galaxy S25 and the Galaxy Z Fold7, as well as the Galaxy A56 5G.
Samsung is the second-largest smartphone manufacturer in the world after Apple, selling more than 220 million devices in 2024, according to research firm Canalys.
The vulnerability was privately disclosed to Samsung on Aug 13, according to online reports.
Samsung did not elaborate on how the vulnerability is being exploited but acknowledged that “an exploit for this issue has existed in the wild”.
The development comes after Google said in early September that it resolved two security flaws in Android that had been exploited in targeted attacks.
This follows a similar scare involving iPhones recently, after a flaw was found on WhatsApp for Apple’s iOS operating system that would allow attackers to send users malware or spyware disguised as a harmless-looking link.
