A critical zero-day vulnerability affecting Samsung Galaxy devices is being exploited in the wild. Attackers are using a specially crafted image file sent via WhatsApp to achieve remote code execution (RCE) without any user interaction (zero-click) as soon as the device processes the image preview.
Business Impact
This is a highest-severity threat to mobile fleets. It allows for silent, complete device compromise, enabling attackers to steal corporate data, track location, and activate microphones/cameras on executive or employee devices without their knowledge.
Why It Happened
The flaw lies in a proprietary Samsung image processing library used to render previews. It fails to properly validate image headers, allowing a heap overflow that can be triggered automatically by messaging apps.
Recommended Executive Action
Issue an immediate emergency directive to all employees with Samsung devices to disable “auto-download media” in WhatsApp and other messaging apps until a patch is released by Samsung and carriers. Monitor for official patch availability closely.
Hashtags: #Samsung #ZeroDay #ZeroClick #MobileSecurity #WhatsApp #RCE #CyberSecurity #InfoSec