Samsung just patched a critical zero-day vulnerability that hackers are actively using to break into Galaxy phones. The flaw, discovered in Samsung's image processing software, affects devices running Android 13 through Android 16 and allows attackers to remotely plant malicious code. Meta and WhatsApp security teams alerted Samsung in August that exploits were already circulating in the wild.
Samsung just closed a critical security hole that hackers have been using to break into customers' phones for weeks. The company quietly released patches for a zero-day vulnerability in its image processing software that affects Galaxy devices running Android 13 through the latest Android 16.
The timing reveals how quickly modern cyberattacks can spread. Meta and WhatsApp security teams discovered the exploit and notified Samsung on August 13, warning that "an exploit for this issue has existed in the wild," according to Samsung's security advisory. That means hackers were already using this vulnerability to target real users before Samsung even knew it existed.
The technical details are particularly concerning for Galaxy users. The flaw exists in a software library that processes images on Samsung devices, giving attackers a way to remotely plant malicious code just by getting victims to view a specially crafted image file. Samsung hasn't disclosed which specific Galaxy models are vulnerable, but the Android version range suggests millions of devices could be at risk.
[Image: Samsung Galaxy phones displaying security update notifications]
This attack fits into a much larger spyware campaign that's been targeting both Android and iPhone users. Samsung's patches come just weeks after Apple and WhatsApp issued their own emergency security fixes in August to counter what researchers describe as an "extremely sophisticated attack against specific targeted individuals."
WhatsApp told TechCrunch that fewer than 200 users received notifications that their phones were targeted or compromised in this campaign. But the coordinated nature of these attacks across multiple platforms suggests a well-resourced threat actor, possibly a government-backed group, is systematically targeting high-value individuals across different mobile ecosystems.
