A critical Samsung vulnerability (CVE-2025-21042) was exploited in zero-day attacks to deploy the LandFall spyware via WhatsApp, affecting flagship Galaxy devices. U.S. federal agencies are mandated to patch this flaw to prevent further breaches, with potential targets including multiple countries and espionage activities. #CVE-2025-21042 #LandFallSpyware
Keypoints
- The vulnerability resides in Samsung’s libimagecodec.quram.so library, enabling remote code execution.
- Attackers have exploited this flaw since at least July 2024 to deploy spyware via WhatsApp DNG images.
- The LandFall spyware can access browsing history, calls, location, contacts, and files on infected devices.
- The affected devices include Samsung Galaxy S22, S23, S24 series, Z Fold 4, and Z Flip 4.
- CISA has ordered U.S. federal agencies to patch the vulnerability by December 1, emphasizing its active exploitation and threat to national security.