According to Samsung's security blog, the vulnerability, identified as CVE-2025-21043, was reported by WhatsApp itself. Samsung also confirmed that "exploit code for this vulnerability exists in the wild", indicating that hackers are actively exploiting the weakness to carry out attacks.
Samsung issues emergency patch after discovering serious vulnerability on millions of devices.
The vulnerability stems from the way the operating system handles image files through a third-party library. Simply receiving a malicious photo sent via a messaging app like WhatsApp can trigger the exploit without the user having to open the message or click on any links. This is a zero-click attack, which is extremely dangerous because it is difficult for victims to detect and is often used in sophisticated espionage campaigns.
To fix it, Samsung released a security patch as part of its September update. However, the inherent weakness of the Android ecosystem was exposed: unlike iPhones or Google Pixels, which receive updates all at once, Galaxy phones have to wait depending on the model, region, and carrier. This means that millions of devices remain vulnerable until the patch is distributed.
Given the high risk, Samsung recommends that users proactively protect their devices by updating the operating system and applications as soon as new versions are available. This remains the simplest and most effective measure against cyber threats.
Source: https://doanhnghiepvn.vn/cong-nghe/nguy-co-tu-lo-hong-zero-click-hang-trieu-dien-thoai-samsung-galaxy-co-the-bi-hacker-xam-nhap/20250916103637968