Samsung confirms support cutoff for five Galaxy models as spyware zero-day details emerge
Samsung users face a mixed security picture this week. Researchers at Palo Alto Networks Unit 42 disclosed that a previously unknown Android spyware, dubbed LANDFALL, exploited the zero-day vulnerability CVE-2025-21042 in Samsung’s image processing library, likely delivered via malicious image files shared in messaging apps. Samsung patched the flaw in April 2025, and devices still on supported software are protected after installing current updates.
The risk remains for owners of handsets that have reached end of support. Samsung’s latest maintenance bulletin removes five models from the update program in November, ending both security and feature updates.
Models losing updates in November 2025
- Galaxy S20 FE
- Galaxy S20 FE 5G
- Galaxy M22
- Galaxy M52 5G
- Galaxy W22 5G
Once devices exit the schedule, newly discovered vulnerabilities receive no fix and remain exploitable, including classes of attacks similar to LANDFALL. Security analysts note that Android has seen a rise in commercial-grade spyware over the last year, with multiple zero-day warnings and emergency patches across vendors.
What affected users should do
- Check the phone’s Software Update menu and install any remaining patches.
- Back up data, then plan an upgrade to a model still on Samsung’s monthly or quarterly security schedule.
- Reduce exposure in the interim by disabling installation from unknown sources, reviewing app permissions, and avoiding unsolicited media files in messaging apps.
- Enable Google Play Protect and Samsung security features, and keep critical apps updated through official stores.
Samsung advises customers to consult the current update eligibility list to confirm support status and cadence for their specific model and region. Users of supported devices who have applied the April 2025 or later security updates are protected against CVE-2025-21042.
