According to the CVE it looks like my XT8 is already updated beyond the affected version. It says through version 3.0.0.4.388_24609 and mine is version 3.0.0.4.388_24621.

I also noticed this vulnerability was posted on May 29th with the last update being June 13th. Seems like this a report that’s already outdated.

My understanding is that it is built into the price of the tier. I wonder if it could be argued that they are in breach of contract since it is included in the agreement when signing up.

I get mine free through ATT. Got the same email today.

Addition: Guess I shouldn’t complain too much since it’s free anyway