Samsung phones infected with 'Landfall' spyware through WhatsApp images — what you need to know


Last week, the cybersecurity team at Palo Alto Networks' Unit 42 published a report detailing their discovery of a vulnerability on the best Samsung phones. The bug, tracked as CVE-2025-21042, is a flaw in the image processing library that left users vulnerable to a zero-day exploit for months.

Called “Landfall,” the exploit was patched by Samsung in April. However, it does appear that it had been left open since mid-2024, leaving select users vulnerable to malicious image files that could have been embedded in WhatsApp messages. These malicious DNG files may have been labeled as .jpeg files to make them appear more legitimate too. Landfall, as a zero-day flaw, would not have required any interaction from the user in order to infect the device.

  • Galaxy S22 series
  • Galaxy S23 series
  • Galaxy S24 series
  • Galaxy Z Fold 4
  • Galaxy Z Flip 4

What the spyware records


Once installed, the spyware is capable of recording audio and accessing and collecting data from photos, contacts, location and call logs, among other capabilities. Landfall targeted specific Samsung devices throughout the Middle East, including Iraq, Iran, Turkey and Morocco.

Again, Samsung owners are now protected from the threat, as the company was informed of the danger back in September 2024 and issued a fix in April. CISA (the Cybersecurity and Infrastructure Security Agency) has ordered federal agencies to patch any affected Samsung devices and has also added the bug to the Known Exploited Vulnerabilities catalog, which lists security bugs that are flagged as actively exploited in attacks. The federal agencies have until December 1st to secure vulnerable devices.

How to stay safe from spyware


Because Landfall has already been corrected through a patch, one of the best ways to ensure that you can avoid this malware – and other serious threats – is to always keep your phone's operating system up-to-date. This keeps your device protected against recent and newer threats as updates often include security patches as well as other new features that can help protect you online.

At the same time, you also want to be wary about who you connect with online and what you click on, download and install. The usual social engineering and phishing rules apply here too – if you don't know who sent the link or download, you don't need to click on it or install it.

To stay protected, it's also advisable to use one of the best Android antivirus apps on your device alongside Google Play Protect, as they often include additional security features like a VPN, browser warnings about suspicious sites, and both phishing and scam alerts.

Zero-day flaws are just something that phone makers have to deal with as hackers are always looking for a new, undiscovered way to gain access to our devices. However, by keeping your phone updated and practicing good cyber hygiene, you can avoid falling victim to a majority of the attacks that leverage them.


Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
