Samsung fixes image library flaw exploited in suspected spyware attacks

Samsung patched a zero-day vulnerability in its Android devices’ image parsing library that was actively exploited by attackers to execute arbitrary code remotely. The Meta and WhatsApp security teams reported the flaw on August 13, suggesting it may have been used in sophisticated attacks targeting WhatsApp users alongside a similar iOS vulnerability. Security researchers indicate that both iPhone and Android users were impacted by what appears to be commercial spyware targeting journalists and human rights defenders. The timing and nature of the exploit suggest spyware vendors chained vulnerabilities in messaging apps with operating system flaws to achieve code execution across multiple platforms.

Read more:

https://www.securityweek.com/samsung-patches-zero-day-exploited-against-android-users/