Samsung has announced that it has patched a zero-day security vulnerability actively exploited by hackers to infiltrate its customers’ phones. The flaw was discovered in a software library responsible for displaying images on Samsung devices and allowed attackers to remotely plant malicious code. According to the company, the vulnerability affected devices running Android 13 through the latest release, Android 16.
The Vulnerability
The bug is classified as a zero-day because Samsung had no time to address the flaw before it was exploited in the wild. Zero-day exploits are among the most dangerous in cybersecurity because they leave users exposed until a patch is developed and released.
Samsung’s advisory confirms that the security teams at Meta and WhatsApp privately disclosed the flaw on August 13, 2025. The companies warned that attackers were already leveraging the vulnerability in real-world hacking campaigns. However, Samsung has not released a detailed list of affected devices, and the scale of the attacks remains unknown.
Who Is Behind the Attacks?
As of now, it is unclear who orchestrated the hacking campaign or how many Samsung users were targeted. Samsung has declined to comment further on the matter. What is known is that the exploit fits into a broader trend of spyware and surveillance attacks aimed at both Android and iPhone users.
Wider Spyware Campaign
Samsung’s fix comes amid a wave of similar security updates from other tech giants:
- Apple released emergency patches in August 2025 to address vulnerabilities that were reportedly used in “extremely sophisticated attacks” targeting a small group of iPhone users. While Apple has not revealed technical details, it confirmed the flaws were exploited in targeted spyware campaigns. The company continues to notify new victims periodically, and on September 3, 2025, informed additional customers of attempted attacks, according to France’s cybersecurity authorities.
- WhatsApp also rolled out its own fixes in August after its security team detected targeted attacks. The messaging platform said it sent fewer than 200 notifications to affected users whose devices had been compromised or targeted.
The overlapping timelines suggest that the Samsung zero-day exploit may be part of a larger coordinated spyware effort impacting users across both Android and iOS ecosystems.
What Samsung Users Should Do
Samsung has issued security patches as part of its September 2025 update, urging customers to install the update immediately. Users should:
- Check for and install the latest Samsung security update under system settings.
- Enable automatic updates to ensure timely fixes in the future.
- Be cautious about opening images or files from untrusted sources, since the flaw resided in the image-handling library.
Samsung’s patched zero-day underscores the growing risk of spyware and targeted surveillance campaigns that exploit vulnerabilities across major platforms. While the company has acted swiftly after being notified by Meta and WhatsApp, questions remain about the scale of the attacks and who was behind them. With Apple and WhatsApp also addressing related exploits, the incident highlights the importance of timely updates and vigilance in a world where mobile devices remain prime targets for sophisticated cyberattacks.