
CISA issues Samsung smartphone security update warning.
Following recent confirmation that hackers exploited a critical zero-day vulnerability in Samsung’s Android image processing library to install the Landfall spyware on smartphones, CISA, America’s Cyber Defense Agency and the U.S. national coordinator for critical infrastructure security and resilience, has urged all organizations to update as soon as possible. Some federal agencies are under a mandatory obligation to update within 21 days.
Ensure Your Samsung Is Updated Against CVE-2025-21042
As I reported on November 8, attackers have been confirmed as being successful in using a zero-day vulnerability within the Samsung Android image processing library, CVE-2025-21042, to install spyware on smartphones.
Security researchers from the Palo Alto Networks Unit 42 team published an in-depth analysis of the attacks, detailing how CVE-2025-21042 was exploited in the wild before being patched by Samsung in April. This was no ordinary malware, either; this was commercial-grade spyware of the highest order. It is understood that the attacks started as early as July 2024 and continued for months until Samsung finally patched the flaw.
Unit 42 said that CVE-2025-21042 was not the first, and is unlikely to be the last, vulnerability exploited by Landfall or similar spyware. I have approached Samsung for a statement.
Update Your Samsung Devices Now, By Order Of CISA
If you have already applied that update, sit back and relax: you are fully covered against any risk from this Landfall attack. However, if you are among those organizations that have not, for whatever reason, then CISA wants to have an urgent word: update now. OK, two words, but you get the idea.
CISA has added the CVE-2025-21042 flaw to its Known Exploited Vulnerabilities catalog, which means it is now officially flagged as actively exploited, and Federal Civilian Executive Branch agencies are legally mandated to secure their Samsung devices within 21 days or stop using them.
“Although BOD 22-01 only applies to FCEB agencies,” CISA said, “CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice.” So, Samsung users, you know what to do and when to do it. What are you waiting for?