Samsung Issues Emergency Update for All Eligible Galaxy Phones After Google Confirms Active Attacks
Samsung has released a critical security update for all eligible Galaxy smartphones, just hours after Google confirmed that newly discovered Android vulnerabilities are already being exploited in active attacks. The unusually early release signals the seriousness of the threat and the urgency for users to update their devices as soon as possible.
Google Confirms Two Vulnerabilities Under Exploitation
Google disclosed two high-risk security flaws — CVE-2025-48633 and CVE-2025-48572 — warning that both may be under “limited, targeted exploitation.” Samsung’s security bulletin currently includes a fix only for the first vulnerability, though it remains unclear whether the second affects Galaxy devices.
The vulnerability patched in Samsung’s update affects the Android framework and could allow remote denial-of-service attacks without requiring elevated privileges. Google is withholding full technical details until enough devices have been secured.
Samsung Patches Three Additional Zero-Day Flaws
Alongside Google’s fix, Samsung’s December update includes three critical zero-day patches uncovered by Google’s Project Zero, the elite research team tasked with discovering and analysing high-impact vulnerabilities across global software ecosystems.
All three flaws allow remote attackers to access out-of-bounds memory, a dangerous weakness that can lead to data exposure, system instability or further exploit chains. All three affect the same component, the libimagecodec.quram.so library, which also prompted Samsung’s emergency update in October and triggered a warning from U.S. government cybersecurity agencies.
The combination of Android-level and Samsung-specific zero-day vulnerabilities makes this month’s patch “an emergency update” by any standard.
Update Timing Remains a Major Challenge
Unlike Google’s Pixel devices, which receive updates instantly and universally, Samsung must navigate a fragmented distribution system involving carriers, regions and device generations. This creates delays in pushing security patches to hundreds of millions of Galaxy phones worldwide.
As a result, Samsung users should monitor their devices closely and install the update immediately once available. The company has not detailed a rollout schedule, but availability is expected to vary by model and location over the coming days and weeks.
What Galaxy Users Should Do Now
Samsung owners are strongly advised to:
- Manually check for updates in Settings
- Install the December security patch as soon as it appears
- Avoid sideloading apps or clicking unexpected links while waiting for the update
- Enable automatic updates where supported
With confirmed exploitation already underway, prompt action is essential to minimise risk.
This latest security alert highlights the escalating pace of mobile cyberattacks and the importance of rapid patch adoption across the Android ecosystem. As more details emerge, users should remain vigilant and prioritise device security during the rollout period.
