In response to two critical security vulnerabilities that have been exploited in the wild, Samsung has accelerated the release of its August security update for certain older models. The urgency is fueled by confirmations from Google and formal government warnings, including inclusion in the U.S. cybersecurity agency's Known Exploited Vulnerabilities (KEV) catalog.

Initially, the first warning from the Cybersecurity and Infrastructure Security Agency (CISA) did not pertain to Samsung Galaxy devices, as it was believed to only impact Google's Pixel phones. However, as the vulnerability was found to affect other Android OEMs as well, the second CISA warning on August 7 applies to Samsung devices, with an update deadline set for August 28.

The impact of these vulnerabilities extends beyond federal employees, as other organizations are encouraged or obligated to follow suit with the update mandate. The potential threat posed by infected devices connecting to any public or private company is real and alarming.

To address these concerns, Samsung has swiftly released the August security update, although its usual approach means that not all Galaxy devices receive a security update every month. Some devices operate on a quarterly or bi-annual schedule. Despite the critical nature of this update, Samsung's response suggests that there will not be a universal application for August's update, leaving older devices in the hands of federal staff potentially at risk.

Meanwhile, Samsung has started rolling out the update to various countries worldwide, including markets in the Middle East, South East and Southern Asia, as well as New Zealand, South Africa, Kazakhstan, and Ukraine. It is important to recognize that these vulnerabilities put all phones at risk, regardless of location.

Notably, the update has also reached older flagship models such as the S21, and some versions of the relatively aged S20 are also receiving updates. However, there remains a distinction between devices on a monthly schedule and those that are not.

For users with older Galaxy devices that may miss the U.S. update deadline, updating hardware is crucial for their security. Cybernews has highlighted that over one billion Android devices are running on outdated operating system versions, leaving them vulnerable to disclosed vulnerabilities, including critical ones. This list now includes Samsung flagships since 2020, with the Samsung S20 series being particularly susceptible.

Samsung reassures users that it takes security issues seriously and has been rolling out security updates since August. However, the availability of updates may vary by model and network provider. The company strongly advises users to keep their devices updated with the latest software releases, emphasizing the importance of timely updates wherever possible.

As of now, there is no indication that there will be a deviation from the usual update schedule towards the end of the month. This means that older or less expensive Galaxy device owners in the U.S., who are employed by organizations following CISA's mandate, will face a significant issue come August 28.

Samsung's accelerated release of the critical August security update for older models signifies its commitment to address vulnerabilities promptly. However, the ongoing challenge lies in ensuring timely updates for all devices, irrespective of their release date or price point, in order to maintain user safety and protect against potential security breaches.