While update warnings for iPhones and Androids are nothing new, there’s something different this time around. We have not seen this before. It has huge implications for the smartphone duopoly (putting Huawei aside given its unique security issues), and could be a game-changer for Pixel owners as the Android ecosystem changes.
Early this month, Google issued its February security update with a warning that “CVE-2024-53104 may be under limited, targeted exploitation.” Exactly one week later, Apple issued its own security update, with a warning that CVE-2025-24200 “may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Google published little detail of the nature of Android’s vulnerability, albeit the write-up made clear it’s a video management issue that can trigger memory instability when handling unexpectedly-sized frames. Android security developer GrapheneOS filled in the gaps: “It’s likely one of the USB bugs exploited by forensic data extraction tools.”
And now to Apple, which was more forthcoming, describing its own vulnerability as “a physical attack [that] may disable USB Restricted Mode on a locked device.” As Bleeping Computer explains this time, this Restricted Mode “blocks USB accessories from creating a data connection if the device has been locked for over an hour. This feature is designed to block forensic software like Graykey and Cellebrite (commonly used by law enforcement) from extracting data from locked iOS devices.”
We know that forensic exploitation has become the bugbear of smartphone security across both ecosystems. You’ll recall Android’s multiple zero-days last year and the furor when Apple’s iPhones were found to be hiding a new defense mechanism against such extraction tools, “mysteriously rebooting” when pulled out of storage lockers.
Within a couple of days of Google’s warning, its update was made available to Pixel owners to patch and secure their devices. Apple’s own advisory was released alongside its software update — the usual everyone, everywhere approach. Not so other Android OEMs though. They must adapt the update for their own OS and then roll it out. As I’ve reported before, Samsung — Android’s largest OEM by far — did not include this zero-day in its February security bulletin and has not yet confirmed when the fix will roll out.
And so this month has been a watershed for the smartphone duopoly. Apple and Google, the only two manufacturers that control their software and hardware end-to-end, immediately controlled the narrative and secured their phones. But only those two.
When Android’s February update was released, I commented that this had likely set Pixel aside from other devices in a way that could be impossible to catch. Apple releasing a similarly themed update the same month reinforced that. As things stand, owners of iPhones and Pixels have been quickly and uniformly protected.
Pixel owners were first to Android 15 and its key security and privacy features, and are now first to Android 16. Samsung owners have not yet received an Android 15 upgrade, bar the new Galaxy S25 and a limited S24 beta. It seems that the wider Android project needs a rethink as to how this works longer term. With flagships now priced in the $1000 to $2000 range, waiting weeks or even months for updates does not seem viable.
