All smartphone users must update nowgettySo, this is interesting. Whether youre an iPhone or Android user, you need to update your phone right away. Google and Apple have warned that attacks are underway, both quickly releasing security updates. Now theres a 3 week deadline to install those updates to ensure you are protected from the new attacks.The deadline comes by way of Americas cyber defense agency. Its a legal mandate for all federal employees to update or stop using unpatched phones, but its also a warning for everyone else to follow suit. CISA says it operates to help every organization better manage vulnerabilities and keep pace with threat activity.Androids deadline came first, and all phones should be updated by February 26. Google says CVE-2024-53104 may be under limited, targeted exploitation. Now iPhone users must update by March 5th, with Apple warning CVE-2025-24200 may have been exploited in an extremely sophisticated attack against specific targeted individuals.The attacks against both Androids and iPhones follow a similar theme. While Google gave little away, security specialist GrapheneOS attributed the new attacks to one of the USB bugs exploited by forensic data extraction tools.MORE FOR YOUThe iPhone threat is similar, with Apple describing it as a physical attack [that] may disable USB Restricted Mode on a locked device. That restriction is designed to frustrate physical forensics tools plugged into phones to extract data. It kicks in when an iPhone has been locked for an hour or more. Theres a quiet battle taking place between phone manufacturers and forensic tool providers, as seen when iPhones mysteriously rebooted when pulled out of police storage lockers.The fix is simple for iPhone users. Just make sure your phone is updated to iOS 18.3.1 at a minimum. Pixel users have also now been issued a fix with Androids February update. The situation for Samsung is more complex. The fix was not included in their own February update, albeit it may be rolling out behind the scenes. But that has not been officially confirmed, and so the deadline will be missed.If the optics of Android and iPhone users being under simultaneous U.S. government update mandates is not bad enough, Windows users have also joined the zero day party. This is less unusual, as zero-days have become a running theme with Microsofts Patch Tuesday updates for several months running now.Just as with iPhones and Androids, Windows 10 and Windows 11 users also have a CISA deadline to hit or stop using PCs. In this case, thats March 4th. There are two Windows vulnerabilities under attack, one impacts storage, risking a device being destabilized. The other is likely combined with other exploits to elevate an attackers privileges and potentially enable them to hijack a device.Whatever combination of Androids, iPhones or PCs youre running, just make sure you update all your devices as soon as you can. You have been warned.