ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Security: Stagefright Vulnerability (Android)

<< < (3/3)

ewemoa:
Thanks for sharing.

Came across this:

Google today released to open source a new patch for the infamous Stagefright vulnerability found in 950 million Android devices after researchers at Exodus Intelligence discovered the original patch was incomplete and Android devices remain exposed to attack.

“We’ve already sent the fix to our partners to protect users, and Nexus 4/5/6/7/9/10 and Nexus Player will get the OTA update in the September monthly security update,” a Google spokesperson told Threatpost. Last week at Black Hat, Google announced that it would begin monthly OTA security updates for Nexus, and that Samsung and LG also committed to providing carriers with regular updates.

--- End quote ---

via https://threatpost.com/stagefright-patch-incomplete-leaving-android-devices-still-exposed/114267

xtabber:
OTA's to fix the vulnerability have already gone out - got them yesterday on both Nexus 7 (2013) and Nexus 10.  The original Nexus 7 (2012) and older Nexus devices are no longer on the Android update schedule and will not be getting patches from Google.

Innuendo:
AT&T pushed out an OTA for the Samsung Galaxy S5 a week or two ago that patches the vulnerability as well.

However, I haven't heard anything about any pending fixes to Certifi-Gate, though. :(

ewemoa:
Personally I'm waiting for:
CM11 will see these updates hit as part of out of band fixes this weekend (these releases occur weekly).

--- End quote ---
-ewemoa (July 28, 2015, 06:14 PM)
--- End quote ---

Finally got this within the last few days.

ewemoa:
Further Stagefright-related patches (plus others) included in recent update:

The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.

--- End quote ---

via https://groups.google.com/forum/#!topic/android-security-updates/_Rm-lKnS2M8

IIUC, these are related, but not the same as originally reported.

Navigation

[0] Message Index

[*] Previous page

Go to full version