Samsung resolves zero-day vulnerability exploited to compromise users’ smartphones

Samsung has announced it resolved a previously unknown security issue that was actively being used to compromise users’ phones. 

According to Samsung, the vulnerability was found in a software library responsible for rendering images on their devices. This flaw enabled attackers to remotely inject harmful code on Samsung smartphones running Android 13 up to the latest Android 16 version. 

In its advisory, Samsung revealed that Meta and WhatsApp’s security teams discreetly alerted them about the problem on August 13, indicating that “an exploit for this vulnerability was already being used in real-world attacks.” 

Samsung has not shared a comprehensive list of which models are impacted by this security issue.

This issue is called a zero-day because Samsung had no advance notice to address it before hackers took advantage of the flaw. 

Details about who is orchestrating these attacks or the number of affected Samsung users remain unknown, and the company did not reply to a request for comment before this article was published.

These security updates arrive amid a series of patches from various mobile software companies, all responding to a persistent threat from spyware campaigns. 

Samsung’s recent updates follow similar patches released by Apple and WhatsApp in August, addressing vulnerabilities that security experts say were leveraged against both iOS and Android devices.

WhatsApp informed TechCrunch at the time that fewer than 200 users received notifications after their devices were targeted or breached during the campaign. 

Apple, for its part, has not issued a public statement about the specific vulnerabilities it addressed, aside from acknowledging that the bug was used in a “highly sophisticated attack directed at particular individuals.”

Apple regularly alerts new users suspected of being targets of spyware and encourages them to contact Access Now’s digital security lab for assistance. Most recently, on September 3, the company notified an unspecified group of customers that their devices had been targeted in a spyware operation, as reported by the French government.