CISA recently instructed federal agencies to fix a serious security issue linked to Samsung devices. This flaw, known as CVE-2025-21042, has been targeted in attacks that install spyware called LandFall on devices using WhatsApp.
The vulnerability, found in a key library of Samsung’s software, lets hackers execute code on devices running Android 13 and newer. Although Samsung issued a fix in April after reports from Meta and WhatsApp, Palo Alto Networks revealed that criminals had been exploiting this flaw to spread LandFall spyware since at least July 2024.
This spyware can invade a victim’s life. It tracks browsing history, records audio calls, monitors locations, and accesses photos, messages, and files. Unit 42’s recent analysis shows it primarily targets popular models like the Galaxy S22, S23, and S24, as well as the Z Fold 4 and Z Flip 4. Its impact extends to potential victims in countries like Iraq, Iran, Turkey, and Morocco. Interestingly, similarities in the spyware’s control infrastructure hint at connections to previous operations associated with Stealth Falcon, a group linked to the UAE.
CISA has added CVE-2025-21042 to its Known Exploited Vulnerabilities catalog. This catalog highlights flaws that are actively exploited in attacks. Federal agencies have until December 1 to patch their devices, as mandated by the Binding Operational Directive (BOD) 22-01. While this directive focuses on federal agencies, CISA is urging all organizations to act fast and apply necessary updates.
Cybersecurity experts warn that such vulnerabilities often attract malicious actors, posing serious risks to security. CISA advised organizations to follow vendor guidance for mitigation or, if necessary, discontinue using vulnerable products.
In the same vein, Samsung also addressed another flaw in the same library earlier this September, which also posed risks to Android users. As technology evolves, staying aware of cybersecurity threats and acting quickly can help protect individuals and organizations from potential harm.
For detailed cybersecurity insights, consider checking out the research guide on emerging risks.
