{"id":25669,"date":"2025-11-11T10:45:40","date_gmt":"2025-11-11T10:45:40","guid":{"rendered":"http:\/\/localhost\/?p=25669"},"modified":"2025-11-11T10:45:40","modified_gmt":"2025-11-11T10:45:40","slug":"patch-now-samsung-zero-day-lets-attackers-take-over-your-phone","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=25669","title":{"rendered":"Patch now: Samsung zero-day lets attackers take over your phone_MALWAREBYTES:C0DB8E19A7D78A3573CC4043414F0809"},"content":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2025-11-11T16:05:14&#8243;,&#8221;description&#8221;:&#8221;A critical vulnerability has put Samsung mobile device owners at risk of sophisticated cyberattacks. On November 10, 2025, the US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability, tracked as CVE-2025-21042, to its Known Exploited Vulnerabilities (KEV) catalog. The KEV catalog lists vulnerabilities that are known to be exploited in the wild and sets patch deadlines for Federal Civilian Executive Branch (FCEB) agencies.\\n\\nSo, for many cybersecurity professionals, CISA adding this vulnerability to the list signals both urgency and confirmation of active, real-world exploitation.\\n\\nCVE-2025-21042 was reportedly exploited as a remote code execution (RCE) zero-day to deploy LANDFALL spyware on Galaxy devices in the Middle East. But once that happens, other criminals tend to quickly follow with similar attacks.\\n\\nThe flaw itself is an out-of-bounds write vulnerability in Samsung\u2019s image processing library. These vulnerabilities let attackers overwrite memory beyond what is intended, often leading to memory corruption, unauthorized code execution, and, as in this case, device takeover. CVE-2025-21042 allows remote attackers to execute arbitrary code\u2014potentially gaining complete control over the victim\u2019s phone\u2014without user interaction. No clicks required. 
No warning given.\\n\\nSamsung patched this issue in April 2025, but CISA\u2019s recent warning highlights that exploits have been active in the wild for months, with attackers outpacing defenders in some cases. The stakes are high: data theft, surveillance, and compromised mobile devices being used as footholds for broader enterprise attacks.\\n\\nThe exploitation playbook is as clever as it is dangerous. According to research from Unit 42, criminals (likely private-sector offensive actors operating out of the Middle East) weaponized the vulnerability to deliver LANDFALL spyware through malformed Digital Negative (DNG) image files sent via WhatsApp. DNG is an open and lossless RAW image format developed by Adobe and used by digital photographers to store uncompressed sensor data.\\n\\nThe attack chain works like this:\\n\\n  * The victim receives a booby-trapped DNG photo file.\\n  * The file, armed with ZIP archive payloads and tailored exploit code, triggers the vulnerability in Samsung\u2019s image codec library.\\n  * This is a \u201czero-click\u201d attack: the user doesn\u2019t have to tap, open, or execute anything. Just processing the image is enough to compromise the device.\\n\\n\\n\\nIt\u2019s important to know that Samsung addressed another image-library flaw, CVE-2025-21043, in September 2025, showing a growing trend: image processing flaws are becoming a favorite entry point for both espionage and cybercrime.\\n\\n## What should users and businesses do?\\n\\nOur advice to stay safe from this type of attack is simple:\\n\\n  * **Patch immediately.** If you haven\u2019t updated your Samsung device since April, do so. 
FCEB organizations have until December 1, 2025, to comply with CISA\u2019s operational directive.\\n  * **Be wary of unsolicited messages and files**, especially images received over messaging apps.\\n  * **Download apps only from trusted sources** and avoid sideloading files.\\n  * **Use an up-to-date, real-time anti-malware solution** for your devices.\\n\\n\\n\\nZero-days targeting mobile devices are becoming frighteningly common, but the risk can be lowered with urgent patching, awareness, and solid security controls. As LANDFALL shows, the most dangerous attacks today are often the quietest\u2014no user action required and no obvious signs until it\u2019s too late.\\n\\n### **Device models targeted by LANDFALL:**\\n\\nGalaxy S23 Series\\n\\nGalaxy S24 Series\\n\\nGalaxy Z Fold4\\n\\nGalaxy S22\\n\\nGalaxy Z Flip4\\n\\n* * *\\n\\n**We don\u2019t just report on phone security\u2014we provide it**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.&#8221;,&#8221;published&#8221;:&#8221;2025-11-11T14:28:04&#8243;,&#8221;modified&#8221;:&#8221;2025-11-11T14:28:04&#8243;,&#8221;type&#8221;:&#8221;malwarebytes&#8221;,&#8221;title&#8221;:&#8221;Patch now: Samsung zero-day lets attackers take over your 
phone&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;MALWAREBYTES:C0DB8E19A7D78A3573CC4043414F0809&#8243;,&#8221;bulletinFamily&#8221;:&#8221;blog&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2025-21042&#8243;,&#8221;CVE-2025-21043&#8243;],&#8221;sourceData&#8221;:&#8221;&#8221;,&#8221;sourceHref&#8221;:&#8221;&#8221;,&#8221;cvss&#8221;:{&#8220;score&#8221;:9.8,&#8221;severity&#8221;:&#8221;CRITICAL&#8221;,&#8221;vector&#8221;:&#8221;CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H&#8221;,&#8221;version&#8221;:&#8221;3.1&#8243;},&#8221;cvss2&#8243;:{},&#8221;cvss3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;,&#8221;cvssV3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;}},&#8221;href&#8221;:&#8221;https:\/\/www.malwarebytes.com\/blog\/news\/2025\/11\/patch-now-samsung-zero-day-lets-attackers-take-over-your-phone&#8221;,&#8221;category_name&#8221;:&#8221;News&#8221;,&#8221;post_link&#8221;:&#8221;&#8221;,&#8221;product&#8221;:&#8221;&#8221;,&#8221;version&#8221;:&#822
1;&#8221;,&#8221;vendor&#8221;:&#8221;&#8221;,&#8221;ai_description&#8221;:&#8221;&#8221;,&#8221;ai_severity&#8221;:&#8221;&#8221;,&#8221;ai_vendor&#8221;:&#8221;&#8221;,&#8221;ai_product&#8221;:&#8221;&#8221;,&#8221;ai_version&#8221;:&#8221;&#8221;,&#8221;ai_score&#8221;:0}<\/p>\n","protected":false},"excerpt":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2025-11-11T16:05:14&#8243;,&#8221;description&#8221;:&#8221;A critical vulnerability has put Samsung mobile device owners at risk of sophisticated cyberattacks. On November 10, 2025, the US Cybersecurity and Infrastructure Security Agency&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,35,12,115,13,7,11,5],"class_list":["post-25669","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-malwarebytes","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Patch now: Samsung zero-day lets attackers take over your phone_MALWAREBYTES:C0DB8E19A7D78A3573CC4043414F0809 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=25669\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Patch now: Samsung zero-day lets attackers take over your phone_MALWAREBYTES:C0DB8E19A7D78A3573CC4043414F0809 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{&#8220;lastseen&#8221;:&#8221;2025-11-11T16:05:14&#8243;,&#8221;description&#8221;:&#8221;A critical vulnerability has put 
Samsung mobile device owners at risk of sophisticated cyberattacks. On November 10, 2025, the US Cybersecurity and Infrastructure Security Agency...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=25669\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-11T10:45:40+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=25669#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=25669\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Patch now: Samsung zero-day lets attackers take over your phone_MALWAREBYTES:C0DB8E19A7D78A3573CC4043414F0809\",\"datePublished\":\"2025-11-11T10:45:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=25669\"},\"wordCount\":749,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.8\",\"exploit\",\"malwarebytes\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=25669#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=25669\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=25669\",\"name\":\"Patch 
now: Samsung zero-day lets attackers take over your phone_MALWAREBYTES:C0DB8E19A7D78A3573CC4043414F0809 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-11-11T10:45:40+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=25669#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=25669\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=25669#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Patch now: Samsung zero-day lets attackers take over your phone_MALWAREBYTES:C0DB8E19A7D78A3573CC4043414F0809\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero 
redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Patch now: Samsung zero-day lets attackers take over your phone_MALWAREBYTES:C0DB8E19A7D78A3573CC4043414F0809 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=25669","og_locale":"en_US","og_type":"article","og_title":"Patch now: Samsung zero-day lets attackers take over your phone_MALWAREBYTES:C0DB8E19A7D78A3573CC4043414F0809 - zero redgem","og_description":"{&#8220;lastseen&#8221;:&#8221;2025-11-11T16:05:14&#8243;,&#8221;description&#8221;:&#8221;A critical vulnerability has put Samsung mobile device owners at risk of sophisticated cyberattacks. On November 10, 2025, the US Cybersecurity and Infrastructure Security Agency...","og_url":"https:\/\/zero.redgem.net\/?p=25669","og_site_name":"zero redgem","article_published_time":"2025-11-11T10:45:40+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=25669#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=25669"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Patch now: Samsung zero-day lets attackers take over your phone_MALWAREBYTES:C0DB8E19A7D78A3573CC4043414F0809","datePublished":"2025-11-11T10:45:40+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=25669"},"wordCount":749,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.8","exploit","malwarebytes","news","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=25669#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=25669","url":"https:\/\/zero.redgem.net\/?p=25669","name":"Patch now: Samsung zero-day lets attackers take over your phone_MALWAREBYTES:C0DB8E19A7D78A3573CC4043414F0809 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-11-11T10:45:40+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=25669#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=25669"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=25669#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Patch now: Samsung zero-day lets attackers take over your phone_MALWAREBYTES:C0DB8E19A7D78A3573CC4043414F0809"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero 
redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/25669","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=25669"}],"version-history":[{"count":0,"href":"htt
ps:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/25669\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=25669"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=25669"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=25669"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}