All smartphones users must update now
So it’s interesting. Whether you are an iPhone or Android user, you need to update your phone immediately. Google and Apple have warned that the attacks are underway, the two quickly publishing security updates. Now there is a deadline for 3 weeks to install these updates to make sure you are protected from new attacks.
The deadline goes through American cyber-defense agency. It is a legal mandate for all federal employees to update or stop using uncorrected phones, but it is also a warning for everyone to follow the step. The CISA says that it operates “to help each organization better manage vulnerabilities and monitor the rhythm of threat activity”.
The Android deadline has come first, and all phones should be updated by February 26. Google said “CVE-2024-53104 may be under a limited and targeted exploitation.” Now iPhone users must update by March 5, with Apple Warning CVE-2025-24200 “may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
Attacks on Androids and iPhones follow a similar theme. While Google has given little security specialist Grave Assigned new attacks to “one of the USB buckets exploited by medical-legal data extraction tools”.
The iPhone threat is similar, Apple describing it as “a physical attack [that] Can deactivate the limited USB mode on a locked device. This restriction is designed to frustrate the physical criminalic tools connected to phones to extract data. It starts when an iPhone is locked for an hour or more. There is a silent battle between telephone manufacturers and forensic tool providers, as we can see when iPhones “mysteriously restarted“When it was removed from the police storage lockers.
The corrective is simple for iPhone users. Just make sure your phone is updated to iOS 18.3.1 at least. Pixel users have also received a correction with the February update from Android. The situation for Samsung is more complex. The fix has not been included in their own February update, but it can be deployed behind the scenes. But that has not been officially confirmed, and therefore the deadline will be missed.
If the optics of Android and iPhone users being under the update of the simultaneous US government is not enough, Windows users have also joined the day zero day. It is less unusual, because the zero days have become a theme in progress with the updates of the Microsoft patch for several months in progress now.
As with iPhones and Androids, Windows 10 and Windows 11 users also have a CISA deadline to hit or stop using PCs. In this case, it is March 4. There are two Windows vulnerabilities under attack, there is an impact on storage, risking a destabilized device. The other is probably combined with other exploits to raise the privileges of an attacker and potentially allow them to divert a device.
Whatever the combination of Androids, iPhones or PCs you use, just make sure to update all your devices as soon as you can. You have been notified.
