{"id":224722,"date":"2025-11-08T00:11:40","date_gmt":"2025-11-08T06:11:40","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/11\/new-landfall-spyware-exploited-samsung-zero-day-via-whatsapp-messages"},"modified":"2025-11-08T00:11:40","modified_gmt":"2025-11-08T06:11:40","slug":"new-landfall-spyware-exploited-samsung-zero-day-via-whatsapp-messages","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/11\/new-landfall-spyware-exploited-samsung-zero-day-via-whatsapp-messages","title":{"rendered":"New LandFall spyware exploited Samsung zero-day via WhatsApp messages"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/new-landfall-spyware-exploited-samsung-zero-day-via-whatsapp-messages.jpg\"><\/a><\/p>\n<p>A threat actor exploited a zero-day vulnerability in Samsung\u2019s Android image processing library to deploy a previously unknown spyware called \u2018LandFall\u2019 using malicious images sent over WhatsApp.<\/p>\n<p>The security issue was <a href=\"http:\/\/security.samsungmobile.com\/securityUpdate.smsb?year=2025&month=04\" target=\"_blank\" rel=\"nofollow noopener\">patched this year in April<\/a>, but researchers found evidence that the LandFall operation was active since at least July 2024, and targeted select Samsung Galaxy users in the Middle East.<\/p>\n<p>Identified as CVE-2025\u201321042, the zero-day is an out-of-bounds write in <em>libimagecodec.quram.so<\/em> and has a critical severity rating. A remote attacker successfully exploiting it can execute arbitrary code on a target device.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A threat actor exploited a zero-day vulnerability in Samsung\u2019s Android image processing library to deploy a previously unknown spyware called \u2018LandFall\u2019 using malicious images sent over WhatsApp. The security issue was patched this year in April, but researchers found evidence that the LandFall operation was active since at least July 2024, and targeted select Samsung [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1512,1492],"tags":[],"class_list":["post-224722","post","type-post","status-publish","format-standard","hentry","category-mobile-phones","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/224722","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=224722"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/224722\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=224722"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=224722"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=224722"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}