All news with #landfall tag

CISA Orders Federal Patch for Samsung Zero‑Day Spyware

🔒 CISA has ordered U.S. federal agencies to patch a critical Samsung vulnerability, CVE-2025-21042, which has been exploited to deploy LandFall spyware via malicious DNG images sent over WhatsApp. The flaw is an out-of-bounds write in libimagecodec.quram.so affecting devices on Android 13 and later; Samsung issued a patch in April after reports from Meta and WhatsApp security teams. CISA added the bug to its Known Exploited Vulnerabilities catalog and requires Federal Civilian Executive Branch agencies to remediate by December 1 under BOD 22-01. The spyware can exfiltrate data, record audio, and track location.

Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Spyware

🔒 A now-patched out-of-bounds write in libimagecodec.quram.so (CVE-2025-21042, CVSS 8.8) was used as a zero-click vector to deliver commercial-grade Android spyware known as LANDFALL. The campaign appears to have used malicious DNG images sent via WhatsApp to extract and load a shared library that installs the spyware. Unit 42 links activity to targets in Iraq, Iran, Turkey, and Morocco and notes samples dating back to July 2024. The exploit also deployed a secondary module to modify SELinux policy for persistence and elevated privileges.