
CISA Warns of Active Android Attacks – Update Now

Summary

– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a mandatory warning for federal staff, and a strong advisory for all users, to update their Android phones by December 23 or discontinue use.
– Google confirmed two critical Android vulnerabilities that could be exploited for remote denial-of-service attacks, warning they may be under limited, targeted exploitation.
– Samsung has its own set of three critical vulnerabilities, discovered by Google’s Project Zero team, which allow remote attackers to access out-of-bounds memory.
– Update rollout speed varies by manufacturer, with Google Pixels receiving fixes quickly while Samsung updates, especially for older models, will take longer.
– CISA maintains a vulnerability catalog to help organizations prioritize threats, but full technical details of the flaws are withheld until users have had time to update.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for Android users to apply critical security updates by December 23 or cease using their devices entirely. This mandatory order for federal employees serves as a stark warning for all consumers, highlighting active threats targeting mobile operating systems. The warning follows confirmations from both Google and Samsung regarding severe vulnerabilities currently being exploited.

Google initially warned of two critical flaws, tracked as CVE-2025-48633 and CVE-2025-48572, which could allow remote attackers to cause a denial of service without needing special privileges. The company stated these issues “may be under limited, targeted exploitation.” While Google has assured that fixes will be distributed to all Android device manufacturers, the speed of that rollout depends heavily on each individual company and carrier. Samsung, as the market-leading Android manufacturer, confirmed its own set of three critical vulnerabilities discovered by Google’s Project Zero team, all patched in its December security update.

The severity of these vulnerabilities cannot be overstated. For Samsung devices, the three new flaws enable “remote attackers to access out-of-bounds memory.” They affect the same system library, libimagecodec.quram.so, that was behind a major emergency update from Samsung in October, which also prompted a CISA warning at that time. Notably, only one of the two vulnerabilities flagged by CISA appears on Samsung’s current patched list, leaving questions about the status of the other.

For federal staff, complying with the CISA directive is non-negotiable. The agency explicitly advises users to “update before the deadline or discontinue use of the product if mitigations are unavailable.” For the general public, this government mandate is the strongest possible signal to take immediate action. CISA maintains its vulnerability catalog to help organizations prioritize threats, and this latest inclusion underscores the real-world danger.

Update timelines will vary widely. Google Pixel devices typically receive patches most rapidly, with updates expected imminently. Samsung’s newest flagship models will likely follow within days. However, users of older or carrier-locked devices may face significant delays. In the interim, the security advice is clear: check for system updates repeatedly and apply them as soon as they appear. Failing to install these patches leaves devices open to confirmed attacks with potentially serious consequences.
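The two practical steps the article leaves to the reader are reading the CISA catalog entry for its deadline and confirming that a given device actually carries the December patch. The script below is an added example for this page, not code from Forbes, CISA, Google or Samsung. It filters a JSON feed shaped like CISA's published Known Exploited Vulnerabilities catalog down to the Android entries and reports days until each due date, then flags inventory devices whose `ro.build.version.security_patch` value (the Android property shown by `adb shell getprop`) is older than the patch level assumed to carry the fix. The CVE IDs and the December 23 due date are from the article; the year, the `dateAdded` values, the descriptions, the third non-Android entry, the device inventory and the 2025-12-01 threshold are constructed assumptions.

```python
"""Triage helper for a CISA KEV deadline on Android devices.

Added example for this article; not code from Forbes, CISA, Google or
Samsung.  It (1) pulls the Android entries out of a KEV-shaped JSON feed and
reports how many days remain before each due date, and (2) flags devices in a
small inventory whose Android security patch level is older than the level
assumed to carry the fix.
"""
from __future__ import annotations

import json
from datetime import date

# Constructed sample in the shape of CISA's published KEV JSON feed.  The two
# CVE IDs and the December 23 due date come from the article; the year, the
# dateAdded values, the descriptions and the third (non-Android) entry are
# placeholders so the product filter has something to exclude.
REQUIRED_ACTION = ("Apply updates per vendor instructions or discontinue use "
                   "of the product if mitigations are unavailable.")
SAMPLE_KEV_JSON = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2025-48633", "vendorProject": "Google",
         "product": "Android", "shortDescription": "placeholder",
         "requiredAction": REQUIRED_ACTION,
         "dateAdded": "2025-12-02", "dueDate": "2025-12-23"},
        {"cveID": "CVE-2025-48572", "vendorProject": "Google",
         "product": "Android", "shortDescription": "placeholder",
         "requiredAction": REQUIRED_ACTION,
         "dateAdded": "2025-12-02", "dueDate": "2025-12-23"},
        {"cveID": "CVE-0000-00000",  # placeholder ID, not a real CVE
         "vendorProject": "ExampleVendor", "product": "ExampleRouter",
         "shortDescription": "placeholder entry for another product",
         "requiredAction": REQUIRED_ACTION,
         "dateAdded": "2025-12-02", "dueDate": "2025-12-23"},
    ]
})

# Constructed inventory: one line per device, "<name>\t<patch level>", where
# the patch level is the value of ro.build.version.security_patch as printed
# by `adb shell getprop ro.build.version.security_patch`.
SAMPLE_INVENTORY = """\
pixel-9\t2025-12-05
galaxy-s24\t2025-11-01
old-tablet\t2025-08-01
"""

# Assumption: the fixes ship in the December patch level, so any device
# reporting a level older than this is treated as unpatched.
REQUIRED_PATCH_LEVEL = "2025-12-01"


def kev_deadlines(kev_json: str, product: str,
                  today_iso: str) -> list[tuple[str, int]]:
    """Return (cveID, days_until_due) for KEV entries whose product matches.

    A negative day count means the due date has already passed.  Entries for
    other products are dropped, which is how a fleet owner narrows the full
    catalog to the rows that apply to them.
    """
    today = date.fromisoformat(today_iso)
    feed = json.loads(kev_json)
    out = []
    for entry in feed["vulnerabilities"]:
        if entry["product"].lower() != product.lower():
            continue
        due = date.fromisoformat(entry["dueDate"])
        out.append((entry["cveID"], (due - today).days))
    return sorted(out)


def parse_patch_level(value: str) -> date:
    """Parse an Android security patch level string (YYYY-MM-DD) to a date."""
    return date.fromisoformat(value.strip())


def devices_below(inventory: str, required_iso: str) -> list[str]:
    """Names of devices whose patch level is older than `required_iso`."""
    required = parse_patch_level(required_iso)
    stale = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        name, level = line.split("\t", 1)
        if parse_patch_level(level) < required:
            stale.append(name)
    return stale


if __name__ == "__main__":
    today = "2025-12-10"  # fixed so the run is reproducible
    for cve, days in kev_deadlines(SAMPLE_KEV_JSON, "Android", today):
        status = f"{days} days left" if days >= 0 else f"{-days} days overdue"
        print(f"{cve}: {status}")
    for name in devices_below(SAMPLE_INVENTORY, REQUIRED_PATCH_LEVEL):
        print(f"{name}: below {REQUIRED_PATCH_LEVEL}, update or retire")
```

Against a live feed, replace `SAMPLE_KEV_JSON` with the downloaded catalog and `SAMPLE_INVENTORY` with the output of `adb shell getprop ro.build.version.security_patch` collected per device; the comparison is a plain date comparison, so a device on a later month's level is never flagged. The patch level alone does not prove a specific CVE is fixed on a given OEM build, which is why the article's advice to keep checking for updates still stands for devices the script reports as current.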

(Source: Forbes)
