Samsung zero-click vulnerability: Risk from a single photo
A serious vulnerability allows hackers to install Landfall spyware on Samsung Galaxy S22, S23, S24 phones just by sending an image file via WhatsApp. Samsung has released a patch.
A serious security flaw in Samsung Galaxy phones allows hackers to take control of the device and steal sensitive data just by sending an image file. The attack does not require any user interaction, raising major security concerns.
Security experts from Palo Alto Networks' Unit 42 discovered a spyware campaign called "Landfall" that exploited a zero-day vulnerability in Samsung software for about 10 months, from July 2024 to April 2025. Users are advised to update their software immediately to protect their devices.
How does the "zero-click" vulnerability work?
Operation Landfall exploited a previously undisclosed security vulnerability, identified as CVE-2025-21042, that allowed attackers to execute malicious code remotely simply by sending a specially crafted image over popular messaging apps like WhatsApp.

The nature of this attack is classified as “zero-click,” meaning that the victim does not need to open, view, or interact with the image for the malware to be activated. The hacker only needs to send a DNG image file to the target. When the device receives this file, the vulnerability is automatically exploited, allowing the attacker to access the device without the user knowing. This sophisticated method can easily bypass traditional security measures.
Impact level and data at stake
The Landfall spyware targets specific Samsung models, including the Galaxy S22, S23, S24, and some Galaxy Z series devices. Devices running Android versions 13 to 15 are at risk.

Once installed, the spyware can access and steal large amounts of personal data. Sensitive information that may be compromised includes:
- Personal photos and videos
- Text messages and emails
- Contacts and call logs
- Geolocation data
- Ambient audio recorded through the device's microphone
The massive data breach has raised significant concerns about user privacy and security, highlighting the potential risks associated with vulnerabilities in widely used technologies.
Solutions from Samsung and recommendations for users
To address this threat, Samsung released a security patch in April 2025. This update fixed the CVE-2025-21042 vulnerability, blocking the Landfall spyware's exploit method.

All users of the Samsung devices mentioned above are advised to check for and install the latest software update immediately. To do this, users can visit Settings > Software Update > Download & Install.
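
For administrators triaging many devices, the exposure criteria given in this article (the named model families, Android 13 to 15, a fix released in April 2025) can be checked against a device inventory. This is an added example, not code from Samsung or Unit 42; the inventory format, the function names and the 2025-04-01 cutoff (the YYYY-MM-DD form Android reports in ro.build.version.security_patch) are assumptions.

```python
import csv
import io
import re
from datetime import date

# Assumption: the April 2025 fix corresponds to patch level 2025-04-01,
# the YYYY-MM-DD value Android reports in ro.build.version.security_patch.
FIXED_PATCH_LEVEL = date(2025, 4, 1)
NAMED_FAMILIES = re.compile(r"\bGalaxy S2[234]\b", re.I)  # S22, S23, S24
Z_SERIES = re.compile(r"\bGalaxy Z\b", re.I)              # article: "some" Z models
AFFECTED_ANDROID = range(13, 16)                          # Android 13 to 15

# Constructed sample inventory (model, Android release, security patch level).
SAMPLE_INVENTORY = """\
model,android,patch
Galaxy S23 Ultra,14,2025-01-01
Galaxy S24,14,2025-05-01
Galaxy Z Fold5,14,2024-11-01
Galaxy S22,12,2024-02-01
Galaxy A54,14,2024-12-01
Galaxy S23,15,unknown
"""

def classify(model: str, android: str, patch: str) -> str:
    """Return 'exposed', 'review', 'patched' or 'not-listed' for one device."""
    named = bool(NAMED_FAMILIES.search(model))
    z = bool(Z_SERIES.search(model))
    if not (named or z):
        return "not-listed"      # not named in the article; no claim it is safe
    try:
        level = date.fromisoformat(patch.strip())
        release = int(android.strip().split(".")[0])
    except ValueError:
        return "review"          # unparseable data: a person has to look
    if level >= FIXED_PATCH_LEVEL:
        return "patched"
    if release not in AFFECTED_ANDROID:
        return "review"          # outside the Android versions the article names
    return "exposed" if named else "review"  # article does not say which Z models

def triage(inventory_csv: str) -> dict[str, str]:
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["model"]: classify(r["model"], r["android"], r["patch"]) for r in rows}

if __name__ == "__main__":
    for model, status in triage(SAMPLE_INVENTORY).items():
        print(f"{status:<11}{model}")
```

Devices marked "review" need a manual check: the article does not list which Galaxy Z models are affected, and a missing or malformed patch level cannot be judged automatically.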