www.forbes.com
The update deadline is fast approaching. (AFP via Getty Images)

Samsung has a problem. Unlike Google and Apple, Android's leading OEM does not control its hardware and software, which can be a disaster when it comes to updates. We've seen this with long delays to Android 15, albeit that's finally imminent, and more critically we see it when urgent security patches are rushed out by Google. So it is with a critical update deadline that's fast running out, with no fix yet confirmed.

First some good news. Samsung has now officially announced that the official rollout of One UI 7 will start April 7, albeit not for everyone. The update will be available starting with the Galaxy S24 series, Galaxy Z Fold6 and Z Flip6, gradually rolling out to more Galaxy smartphones and tablets. No word yet on what "gradually" means, but the Galaxy maker confirms that the Galaxy S23, Galaxy Z Fold5 and Z Flip5, the Galaxy Tab S10 series and the Galaxy Tab S9 series are all eligible for the upgrade.

One UI 7 is an exciting upgrade. It enhances the whole Android experience, and brings a raft of new and improved security and privacy features as Samsung chases down Apple's locked-down iPhone in the premium smartphone category. Awkwardly, the update schedule is already bumping up against Android 16's release, and so attention will immediately turn to One UI 8, in the hope that's a much quicker process.

But this month we have also seen Google issue a warning to the Android ecosystem, with two vulnerabilities under active exploitation in the wild. One of these is a rerun of a fix first released last November, and so Galaxy phones received this (again) as part of the company's March update. But the other vulnerability is new, and while Pixels have already been patched, it was not included in Samsung's March release.
The company has not yet responded to my request for a timeline, albeit April seems likely.

Update deadline is March 25. (CISA)

This vulnerability, CVE-2024-50302, exposes phones to physical data extraction, as seen with multiple recent forensic attacks. It's part of a parcel of vulnerabilities behind Amnesty's warning that a Serbian activist's phone was successfully compromised. That phone, for what it's worth, was a Samsung.

The Linux kernel vulnerability prompted America's cyber defense agency to mandate all federal employees to update their phones by March 25 or stop using them. That's just a week from now. I have asked Samsung for an updated timeline on their own fix, but have yet to hear back. Unless it's being quietly updated out of cycle, that CISA deadline is now impossible to hit for anyone running a Samsung phone.

While the formal mandate only applies to government employees, CISA's mission is to shore up cyber defenses for all American organizations, public and private, and so the timeline applies to all. This is especially important given the nature of known attacks.

Ironically, One UI 7 and Android 15 do make your phone more secure, and bring additional protections against physical device exploitation as well as blocking dangerous wireless networks. As such, in whatever order they come, the strong advice for all Galaxy owners is to apply all of these updates as soon as available.