WASHINGTON / LONDON (IT BOLTWISE) – The US Cybersecurity and Infrastructure Security Agency (CISA) has asked federal authorities to close a critical security flaw in Samsung devices. This vulnerability was exploited in zero-day attacks to install the LandFall spyware on devices using WhatsApp.
Today’s daily deals at Amazon! ˗ˋˏ$ˎˊ˗
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal authorities to close a critical security flaw in Samsung devices. This vulnerability, known as CVE-2025-21042, was exploited in zero-day attacks to install the LandFall spyware on devices using WhatsApp. The vulnerability is located in Samsung’s libimagecodec.quram.so library and allows attackers to remotely execute code on devices running Android 13 or later.
Although Samsung patched the issue back in April following a report from Meta and WhatsApp’s security departments, Palo Alto Networks’ Unit 42 recently found that the vulnerability has been exploited since at least July 2024. Attackers used malicious DNG images sent via WhatsApp to spread the previously unknown LandFall spyware. This spyware can access the victim’s browser history, record calls and audio, track location, and view photos, contacts, SMS, call logs, and files.
Unit 42 analyzed that the attacks affected a wide range of Samsung flagship models, including the Galaxy S22, S23 and S24 series as well as the Z Fold 4 and Z Flip 4. Data from VirusTotal samples shows potential targets in countries such as Iraq, Iran, Turkey and Morocco. The infrastructure and registration patterns of the command and control domains bear similarities to the Stealth Falcon operations originating from the United Arab Emirates.
Another indication is the use of the name “Bridge Head” for the malware loader component, a naming convention commonly found in commercial spyware from companies such as NSO Group, Variston, Cytrox and Quadream. However, LandFall could not be clearly attributed to any known spyware company or threat group. CISA has now added the CVE-2025-21042 vulnerability to its catalog of known exploited vulnerabilities and is asking federal agencies to secure their Samsung devices against ongoing attacks by December 1st.
This order applies to all U.S. civilian executive agencies, including the Departments of Energy, Department of Treasury, Department of Homeland Security, and Department of Health and Human Services. Although this mandatory directive only applies to federal agencies, CISA has urged all organizations to address this vulnerability as quickly as possible. “This type of vulnerability is a common target for malicious cyber actors and poses significant risks to federal agencies,” the agency warned.
In September, Samsung released security updates to address another vulnerability in the libimagecodec.quram.so library (CVE-2025-21043) that was exploited in zero-day attacks on Android devices. The urgency of these measures underlines the need to quickly close security gaps to ensure the integrity and security of IT systems.
Order an Amazon credit card without an annual fee with a credit limit of 2,000 euros!
Bestseller No. 1 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 2 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 3 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 4 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 5 ᵃ⤻ᶻ “KI Gadgets”
Please send any additions and information to the editorial team by email to de-info[at]it-boltwise.de. Since we cannot rule out AI hallucinations, which rarely occur with AI-generated news and content, we ask you to contact us via email and inform us in the event of false statements or misinformation. Please don’t forget to include the article headline in the email: “CISA calls for urgent security updates for Samsung devices”.