Samsung says it has fixed a zero-day security vulnerability that is being used to hack into its customers’ phones.
The phone maker said the security flaw, discovered in a software library for displaying images on Samsung devices, allows hackers to remotely plant malicious code on Samsung devices running Android 13 through the most recent version, Android 16.
Samsung’s advisory said security teams from Meta and WhatsApp privately notified the company on August 13 and was told that “an exploit for this issue has existed in the wild.”
Samsung did not provide a list of devices affected by the vulnerability.
The bug is known as a zero-day because the vendor, in this case Samsung, was given no time to fix the bug before it was exploited.
It’s not immediately clear who is behind the hacking campaign or how many Samsung customers are affected, and a spokesperson for Samsung did not respond to a request for comment sent prior to publication.
But the security fixes coincide with a flurry of security updates from other phone software vendors aimed at countering an ongoing spyware campaign.
Samsung’s security patches follow separate security fixes issued by Apple and WhatsApp in August, fixing vulnerabilities that security researchers say were used to target both iPhone owners and Android users.
WhatsApp told TechCrunch at the time that the messaging app maker sent fewer than 200 notifications to affected users whose phones were targeted or compromised by the campaign.
For its part, Apple has not commented on the vulnerabilities it patched, except to say that the flaw was used in an “extremely sophisticated attack against specific targeted individuals.”
Apple periodically notifies new victims of potential spyware attacks and asks them to seek help from Access Now’s digital security lab. Most recently, on September 3, the tech giant notified an unspecified number of its customers that their phones were targeted as part of a spyware campaign, according to the French government.
