Support for the Galaxy S7 ended last month, four years after the device made its debut. Despite this, Samsung just released one more update to the Galaxy S7 and S7 edge to fix a critical security vulnerability. The issue affects every single Samsung smartphone sold in 2014, and this new patch fixes the problem. The vulnerability allows a determined hacker to gain access to the system, possibly without the user's knowledge. It arose from a change Samsung made to Android that altered how the system handled .qmg files. All the attacker has to do is send multiple MMS messages with a specific image file to execute the exploit.
The May 2020 security patch fixes the issue. But since the Galaxy S7 series isn't covered anymore, PiunikaWeb on Samsung's forums discovered a new update that delivers the SVE-2020-16747 fix. And while it still has the April security patch attached to it, a Samsung moderator assures that the .qmg exploit fix is there. It isn't clear, though, if older Samsung flagships will get the same update.
Source: 9to5Google + MobileSyrup