According to the company's security blog, the vulnerability, identified as CVE-2025-21043, was reported by WhatsApp itself. Samsung also confirmed that "exploit code for this vulnerability exists in the wild", indicating that attackers are actively exploiting the weakness.
Samsung issues emergency patch after discovering serious vulnerability on millions of devices.
The vulnerability stems from the way the operating system handles image files via a third-party library. Simply receiving a malicious photo sent via a messaging app like WhatsApp can automatically trigger the malicious code, without the user opening the message or clicking any links. This is a zero-click attack, which is extremely dangerous because it is difficult for victims to detect and is often used in sophisticated espionage campaigns.
To fix it, Samsung released a security patch in its September update package. However, this exposed an inherent weakness of the Android ecosystem: unlike the iPhone or Google Pixel, which are updated simultaneously, Galaxy phones receive the update at different times depending on the model, region, and carrier. This means that millions of devices remain vulnerable to attack until the patch reaches them.
Given the high risk, Samsung recommends that users proactively protect their devices by updating the operating system and applications as soon as new versions are available. This remains the simplest and most effective measure against online threats.
Source: https://doanhnghiepvn.vn/cong-nghe/nguy-co-tu-lo-hong-zero-click-hang-trieu-dien-thoai-samsung-galaxy-co-the-bi-hacker-xam-nhap/20250916103637968