This update decision comes as a surprise.
AFP via Getty Images
Updated on Dec. 6 with a more detailed Android threat assessment and the news that Google has issued attack warnings for targeted users around the world.
Samsung has taken more than its fair share of criticism in recent months on the upgrade and update fronts. One UI 8 and now One UI 8.5 beta delays and a monthly security update that appears overly complex to users — users whose phones are out of action for a prolonged time when they do update, given the lack of seamless updates.
But here’s some good news. Per SammyFans, “Samsung has surprised Galaxy S21 users with another software update.” These are five-year-old devices that have now been relegated from monthly to quarterly updates. “But Samsung has now released three updates in just over three months.” And these are security fixes that matter.
The Galaxy S21’s latest firmware release “installs the November 2025 security patch, which improves system security and stability to provide a better Galaxy experience.”
ForbesSamsung One UI 8.5 Release—This Changes AndroidBy Zak Doffman
One of those improvements better protects the fingerprint sensor, preventing “unauthorized access.” Another is especially topical, enhancing the security of wired USB connections, which has become a major focus over recent months.
The USB defense “helps protect the phone when plugging it into different devices or chargers,” which defends against the controversial threat from juice jacking. This is when a public charging point is actually a computer, stealing data unlocked devices.
That’s topical because it’s holiday season, which means airports, hotels and response. Public charging points — just like public Wi-Fi — becomes a much bigger deal. As the world slows down mid this month, you will see plenty of warnings on social media to be careful where and how you charge your phone.
SammyGuru says the new update “is now live in Europe, carrying the firmware build version HYK1. It improves overall device security and system stability, ensuring a smoother and more reliable experience. Samsung previously revealed that the November 2025 SMR addresses over 40 vulnerabilities across the Galaxy lineup.”
These phones may be getting patched, but they’re not getting upgraded. They’ve reached the end of the road on that front. While it’s good news that security fixes are coming early, this won’t persist for long. If you have one of these phones, you should really upgrade to something newer that gets monthly updates as normal, not by exception.
Meanwhile, the more critical December security update has also started to deploy. Per SammyFans, the Galaxy-maker “has now started rolling it out for one of the popular Galaxy A series smartphones, the Galaxy A34 5G.”
December’s update is huge. There are more than a hundred fixes across core Android and Samsung specific platforms. More importantly, Google and CISA warn that two of the vulnerabilities patched this month are under active attack. As such, for a Galaxy device to be considered secure, it needs to receive December’s update as well.
Just as we saw in November, “Samsung is also focusing on providing the latest security patch this month for mid-range devices instead of flagships first.” That’s unusual, and likely to perplex those that have dropped $1500 or more on a device. The long-standing expectation has been that the most recent flagships are updated before anything else.
SammyGuru says the same. “We can confirm the availability of this month’s security maintenance release (SMR) for the Galaxy S34 5G in Indonesia. The update arrives with the firmware build version A346EXXSBEYK3 and doesn’t bring anything more than the latest security fixes. The device is already running One UI 8.”
No word yet whether the Galaxy S21 will get this new update as well. To be frank, if it does not, then it doesn’t matter it has November’s fixes, it will still be at risk. The Galaxy S21 Series does not make the official list for December’s update, but that hasn’t stopped these phones being updated in recent months and these fixes are urgent.
With perfect timing, the criticality of running a support phone has been perfectly illustrated with Google sending a “new round of cyber threat notifications to users around world.” Per Reuters, Google warned users “targeted using Intellexa spyware, which it said spanned ‘several hundred accounts across various countries’.”
While these attacks are very specifically targeted, as ever it’s these sophisticated exploits that have a nasty habit of filtering down into wider use if not addressed.
ForbesAndroid Warning—New Attack Unlocks Your Phone And Steals Your TextsBy Zak Doffman
And on that note, the urgency of December’s Android release for the wider user base is also driving headlines. “Your Android phone may be in critical danger — update it ASAP,” ZDNet says. “Google just gave you 107 reasons to update your Android phone, including high-severity vulnerabilities and several that are the worst of the worst.”
ZDNet explains the risks you run unless and until you apply the fixes to your phone: “An attacker who exploited any of these (critical vulnerabilities) could obtain higher privileges or access to an infected device, allowing them to take control of it.”
As good as it is that the Galaxy S21 has received some unexpected updated, this is a monthly game of cat and mouse that Google and Samsung and the rest of the Android ecosystem plays with commercial spyware makers and less sophisticated threat actors. Don’t leave your phone off support and at risk remains the best advice to follow.