DEV Community

HelixCipher

Zero-Day Exploit in the Wild

A disclosed zero‑day vulnerability affecting Samsung mobile devices has been added to the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog, underscoring that it has been used in real‑world attacks. The flaw (tracked as CVE‑2025‑21042) resides in Samsung’s image‑processing library and could allow an attacker to execute arbitrary code on vulnerable Galaxy devices.

Security researchers have observed a sophisticated spyware family — dubbed LANDFALL — leveraging this zero‑day in campaigns that predated the patch. In these incidents, a malformed image file delivered over messaging platforms could trigger remote code execution without user interaction, potentially giving attackers deep access to compromised phones.

Samsung addressed the vulnerability in an April 2025 update, and agencies like CISA have set patch deadlines for affected systems, but the incident highlights two persistent themes in mobile security:

The speed at which exploits can be weaponized once a zero‑day is found, and

The importance of timely patching and update adoption across device fleets, including corporate and consumer environments.

For organizations and individual users alike, applying the latest security updates and monitoring mobile firmware levels remains the most effective immediate mitigation against known exploitation. Integrating mobile security telemetry into broader threat‑detection systems can also help identify anomalous activity tied to compromised endpoints.
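One way to monitor firmware levels across a fleet, shown as an added example rather than code from the original post: it reads a constructed MDM inventory export and flags Samsung devices whose Android security patch level predates the April 2025 update. The CSV column names, the `2025-04-01` cutoff and treating every Samsung device as in scope are assumptions; confirm the exact fixed level and affected models against Samsung's bulletin.

```python
import csv
import io
from datetime import date

# Assumption: first patch level carrying the fix, derived from the article's
# "April 2025 update". Verify the exact level in the vendor bulletin.
FIXED_LEVEL = date(2025, 4, 1)

# Constructed sample MDM export (not real devices). The security_patch column
# mirrors the YYYY-MM-DD string Android reports as its security patch level.
SAMPLE_INVENTORY = """device_id,manufacturer,security_patch
d-001,samsung,2025-03-01
d-002,samsung,2025-05-01
d-003,Google,2024-12-05
d-004,Samsung,
d-005,samsung,March 2025
"""

def classify(row):
    """Return 'out_of_scope', 'patched', 'vulnerable' or 'unknown' for one device."""
    if (row.get("manufacturer") or "").strip().lower() != "samsung":
        return "out_of_scope"
    try:
        level = date.fromisoformat((row.get("security_patch") or "").strip())
    except ValueError:
        # Missing or malformed patch level: never assume patched, queue for review.
        return "unknown"
    return "patched" if level >= FIXED_LEVEL else "vulnerable"

def audit(csv_text):
    """Group device IDs by patch status for the whole inventory."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        report.setdefault(classify(row), []).append(row["device_id"])
    return report

if __name__ == "__main__":
    for status, ids in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(ids)}")
```

Devices in the `unknown` bucket deserve the same follow-up as `vulnerable` ones, since a device that cannot report its patch level cannot be shown to carry the fix.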
