Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
All smartphone users must update now
So, this is interesting. Whether you’re an iPhone or Android user, you need to update your phone right away. Google and Apple have warned that attacks are underway, and both quickly released security updates. Now there’s a three-week deadline to install those updates to ensure you are protected from the new attacks.
The deadline comes by way of America’s cyber defense agency. It’s a legal mandate for all federal employees to update or stop using unpatched phones, but it’s also a warning for everyone else to follow suit. CISA says it operates “to help every organization better manage vulnerabilities and keep pace with threat activity.”
Android’s deadline came first, and all phones should be updated by February 26. Google says “CVE-2024-53104 may be under limited, targeted exploitation.” Now iPhone users must update by March 5th, with Apple warning CVE-2025-24200 “may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
The attacks against both Androids and iPhones follow a similar theme. While Google gave little away, security specialist GrapheneOS attributed the new attacks to “one of the USB bugs exploited by forensic data extraction tools.”
The iPhone threat is similar, with Apple describing it as “a physical attack [that] may disable USB Restricted Mode on a locked device.” That restriction is designed to frustrate physical forensics tools plugged into phones to extract data. It kicks in when an iPhone has been locked for an hour or more. There’s a quiet battle taking place between phone manufacturers and forensic tool providers, as seen when iPhones “mysteriously rebooted” when pulled out of police storage lockers.
The fix is simple for iPhone users. Just make sure your phone is updated to iOS 18.3.1 at a minimum. Pixel users have also now been issued a fix with Android’s February update. The situation for Samsung is more complex. The fix was not included in its own February update, although it may be rolling out behind the scenes. That has not been officially confirmed, and so the deadline will be missed.
If the optics of Android and iPhone users being under simultaneous U.S. government update mandates were not bad enough, Windows users have also joined the zero-day party. This is less unusual, as zero-days have been a running theme with Microsoft’s Patch Tuesday updates for several months now.
Just as with iPhones and Androids, Windows 10 and Windows 11 users also have a CISA deadline to hit or stop using PCs. In this case, that’s March 4th. There are two Windows vulnerabilities under attack. One impacts storage, risking a device being destabilized. The other is likely combined with other exploits to elevate an attacker’s privileges and potentially enable them to hijack a device.
Whatever combination of Androids, iPhones or PCs you’re running, just make sure you update all your devices as soon as you can. You have been warned.