Drive-by Android Malware Exploits Unpatchable Vulnerability 120
An anonymous reader writes "Attackers have crafted the E-Z-2-Use malware code that exploits a 14-month-old vulnerability in Android devices. The vulnerability exists in the WebView interface a malicious website can utilize it to gain a remote shell into the system with the permissions of the hijacked application. Vulnerable devices are any device that is running a version earlier than 4.2 (in which the vulnerability was patched) which is a staggeringly large amount of the market. The vulnerability is in Android itself rather than the proprietary GMS application platform that sits atop the base operating system so it is not easily patched by Google."
Re:errr that's Unpatched not Unpatchable (Score:4, Insightful)
Re:Fragmentation not an issue eh? (Score:5, Insightful)
Not saying my iphone is invulnerable, but my almost 4 year old iphone4 still gets patches.
The iphone 3GS was discontinued in september 2012 (as in up until sep 2012 people were still buying them new on 2 year contracts usually "free") and it isn't supported with ios7 released in september 2013 one year later.
Don't get me wrong, Apple is by far one of the best phone manufacturers out there for longevity of software updates for phones, but even they drop support on users who would still be under contract, only 1 year in.
As for android... that's not really an android vs ios thing, that Apple vs Samsung etc. There is nothing preventing a good Android manufacturer to provide patch longevity, and some phones have been well supported by some manufacturers.
But sure, again, I readily concede that a lot of android manufacturers have really dropped the ball there.
On the other hand, apple supports like 2 skus at a time. Android collectively covers dozens of skus available at any given time, all over the feature and price map and I prefer having that range of choices, even if some of the choices are crap.
This is why you unlock/root/ROM your phone (Score:4, Insightful)
If you're gonna get an Android phone and care at all about updates, before you spend ANY money make sure you can find instructions on how to unlock/root your phone as well as check the level of development of ROMs available for the phone. If the phone of interest is sufficiently popular that there's good instructions on how to unlock and root it and there's a reasonably healthy community involved in developing ROMs for it (and hence updates), then it's probably a good phone to get. Short of buying a Nexus, this is really the only way to guarantee that you'll be able to keep updating your phone as time goes on.
I bought my Samsung Galaxy S2 in February of 2012. My carrier (Telstra) has long forgotten about supporting my particular phone (I think the last official Telstra supported update was 4.1.2). However, I'm running 4.4.2 and can only run that due to the wonderful community that's still developing ROMs for this thing, long after corporate interest has dried up. I have absolutely no intention of replacing it until it breaks, since it's still quite fast and capable.