Samsung suddenly proved this month that it can speed up its update schedule if it wants to. Following Google’s warning this week that attacks are now exploiting a serious Android security flaw, the race is on to provide users with the fastest updates.

But that’s not the true story. real The story is that the US government is requiring users to update their phones by August 28 or turn them off completely.

The U.S. cybersecurity agency added Google’s newly discovered zero-day vulnerability to its catalog of known exploited vulnerabilities, warning that it “allows remote code execution.” It then urged federal employees to install the fix by August 28 or “cease using the products if mitigations are not available.”

ForbesGoogle announces Play Store changes before app is deleted in 21 daysFrom Zak Doffman

Samsung isn’t letting up. Multiple reports (1,2) are coming in now that the usual updates by device, region and carrier are in full swing. And US users are, unsurprisingly, at the center of this frenetic activity (1,2). After several months of ponderous updates that dragged on for weeks, this is a welcome change – even if it’s still early and many more devices still need to be reached.

There’s another reason why this August update is so important. This latest vulnerability is the second Android zero-day vulnerability to compromise Samsung devices in the past 12 weeks. The first was also fixed in the company’s August security update. The fact that there are two zero-day vulnerabilities, both on CISA’s alert list, and both fixed in a single monthly security update is unusual to say the least. It’s no surprise that the update was pushed out so quickly.

While the update is urgent, there is no reason for undue concern at this point. Google says, “There are indications that CVE-2024-36971 may be exploited in a limited and targeted manner,” meaning the attack is likely still in its early stages and being used against a very specific list of targets. However, nothing is certain yet.

The bigger problem is that this kind of sophisticated exploit has a habit of finding its way into the wider market and becoming more widely distributed anyway. This is probably already the problem with the earlier zero-day that Samsung is only now patching.

ForbesGoogle releases important new Chrome update – 1 billion Windows users must install itFrom Zak Doffman

I’ve been critical of Samsung’s ponderous updates over the past few months, so I welcome the urgency this time around. This will set a new benchmark for what can be done when needed, and it would be good to see a compressed schedule each month.

The open question is whether Samsung is updating devices outside of its normal schedule — those that don’t need to be updated this month. If it isn’t, the law requires the devices in the hands of federal officials to be turned off. I asked Samsung if it is updating the devices that aren’t on schedule.

Stay tuned.