Samsung Is Rolling Out Its Big September Update - Here Are The Devices Getting It

In the third week of September, Samsung finally released the stable One UI 8 update based on Android 16, adding a bunch of new features and AI-powered tools to its smartphones. The massive update will be rolled out in batches to cover more phones in the coming months. Tagging alongside the feature update, however, Samsung has also released its September update that patches a bunch of security flaws, including a few "critical" tier vulnerabilities. Simply put, if your phone is currently on Samsung's monthly update cycle, install it on your phone as soon as it is available for download.

Following is a list of all the phones that are currently in line to receive the update this month:

• Galaxy Z Fold and Flip series (Fold4–Fold7, Flip4–Flip7, including FE and Special/W Editions)
• Galaxy S21 FE, Galaxy S22 series
• Galaxy S23 series
• Galaxy S24 series
• Galaxy S25 series
• Galaxy A56 5G
• Enterprise Models: Galaxy A53 5G, A54 5G, A55 5G, Tab Active5 Pro, XCover6 Pro, XCover7 (and Pro).

Additionally, if your Samsung phone is a tad older and has been demoted to security updates at a 3-month and 6-month cadence, check out the full list of phones that are in line to get the security-focused update. Moreover, smartwatches going as far back as the Galaxy Watch 4 family are in line to receive quarterly updates, which means they should also be getting patched in the coming weeks.

Samsung says it is rolling out the September software patch as part of its Security Maintenance Release (SMR) process, which includes software-side fixes by Samsung's core team as well as OS-level solutions contributed by Google's Android team. There are also nearly five dozen security vulnerabilities in the "high" severity category that have been plugged by the September update. While that is quite a sizeable number, the more worrisome part is the two "critical" tier vulnerabilities (CVE-2025-48539 and CVE-2025-27034).

According to Google's security bulletin, the CVE-2025-27034 vulnerability is linked to Qualcomm components such as the 5G modem fitted inside phones, the built-in FastConnect modems, and a whole bunch of processors in the Snapdragon series, from the low-end to the top-tier Snapdragon 8-series processors. The vulnerability can be remotely exploited and linked to memory corruption. Samsung told Forbes that it was aware of the exploit being out in the wild after it was originally reported by WhatsApp. The second vulnerability, CVE-2025-48539, would require no input from a Samsung smartphone user and would allow a hacker to remotely execute code on the target devices.

These two critical vulnerabilities affect devices running Android 16 and go as far back as Android 13. The task of patching these loopholes is pretty challenging for Samsung, especially for much older devices running a three or four-generation-old version of Android and may have even fallen out of the bi-annual security update cadence. Irrespective of the logistics challenges, you must update your phone as soon as you get the notification on your Samsung phone.