Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Android Bug Cellphones Google Portables Security

Android Stagefright Bug Required 115 Patches, Millions Still At Risk (eweek.com) 50

eWeek reports that "hundreds of millions of users remain at risk" one year after Joshua Drake discovered the Stagefright Android flaw. Slashdot reader darthcamaro writes: A year ago, on July 27, 2015 news about the Android Stagefright flaw was first revealed with the initial reports claiming widespread impact with a billion users at risk. As it turns out, the impact of Stagefright has been more pervasive...over the last 12 months, Google has patched no less than 115 flaws in Stagefright and related Android media libraries. Joshua Drake, the researcher who first discovered the Stagefright flaw never expected it to go this far. "I expected shoring up the larger problem to take an extended and large effort, but I didn't expect it to be ongoing a year later."
Drake believes targeted attacks use Stagefright vulnerabilities on unpatched systems, but adds that Android's bug bounty program appears to be working, paying out $550,000 in its first year.
This discussion has been archived. No new comments can be posted.

Android Stagefright Bug Required 115 Patches, Millions Still At Risk

Comments Filter:
  • And yet... (Score:3, Informative)

    by Anonymous Coward on Saturday July 30, 2016 @02:41PM (#52613393)

    ...My Galaxy S4 has received NONE of these updates.

    Thanks, Sprint!

    • Re: (Score:2, Interesting)

      As much as I really hate Sprint and think they're easily the worst carrier by a cubic lightyear, that's more likely to be a Samsung problem. Samsung is downright shameful when it comes to updates, and furthermore they're the single biggest reason why iPhone lovers and other pundits think Android is buggy and laggy. I owned a Galaxy Note 4, and after that I'll never buy another Samsung phone again.

      • My unsupported Tab 10.1 is what put me in the same camp as you in regard to Samsung. The one and only update Samsung provided for it resulted in a bug that would cause any app to crash if you tried to copy anything you highlighted. Fixing that required rooting it so I could delete a corrupt database file - which I knew how to do because so many other people had the same problem. I might as well have just burned the money for all the use I got out of it (that wasn't the only flaw in the thing, just the worst

    • by jonwil ( 467024 )

      Even worse is when OEMs lock their phones so you cant install custom firmware from third parties that actually incorporates security fixes like this.

    • Buy a Nexus!

      Pure Google and monthly updates and no lag whiz or carrier crap. I love my 6p

  • Android Stagefright Bug Required 115 Patches....

    .....so far. Where there 115 patches, there is one more un-patched bug.

  • Lazy phone makers don't bother upgrading the OS on non flag ship models. Ya if you have a Nexus or a Samsung Galaxy you'll get the update. My Samsung Rugby (rugged) still using 4.4.2. Even when this bug dropped, everyone promised patches. Samsung said hey we released new phones. There's nobody forcing it to be patched on these unpatched phones.
  • by Ecuador ( 740021 ) on Saturday July 30, 2016 @04:33PM (#52613857) Homepage

    It is very strange that while Samsung phones that me and my wife used to have had were not updated much (especially the non-flagship devices), from the moment I tried the cheap Chinese Xiaomi I've been enjoying continuous updates to all devices, from flagship to budget (and this, along with other reasons, is why I am sticking with Xiaomi for the time being). E.g. your phone will be running Android 6.0.1 whether you have the latest flagship (Mi 5), or the previous flagship (Mi 4) or the flagship before that (Mi 3 from 2013) or their cheapest device from 2 years ago (Redmi 1S) etc. And all these cost 1/2 to 1/3 the price of the equivalent Samsung/LG etc.
    So, in this case buying "cheap Chinese" means you are the most protected from such issues. Yes, I know Xiaomi does not sell to most countries, I had to order it from a Chinese e-tailer who had an EU warehouse. And if you order from a Chinese e-tailer, whatever brand the phone it is almost guaranteed to be full of adware and spyware so your first move would be a clean install. Which is surprisingly easy on a Xiaomi, in fact you don't even have to use a PC - you can just go to the Xiaomi website to download the latest version, rename the file per the instructions, reboot in recovery mode and clean-install it! They even have dual boot - keeping a clean OS in case you screw up your regular installation.
    Sorry for the "ad", but I can't believe I have paid up to $600 in the past (or more if we include phones my company has provided me like the iPhone 6 Plus), when a $200-$250 phone has proved better IMHO in both hardware and software...

    • Re: (Score:3, Interesting)

      by Szeraax ( 1117903 )

      Based upon this post alone I am scared of those phones: http://forum.xda-developers.co... [xda-developers.com]

      But I really don't have enough knowledge to know.

      • by Ecuador ( 740021 )

        Well, that post is before Xiaomi turned the default of the "data sharing to improve experience" to off (you could set it to off yourself before) and also use of free services like the Mi cloud do share your details with Xiaomi as you should expect. But, for example, Microsoft sends more data, even if you say "no" to everything according to reports. And Xiaomi releases the kernel source of their OS, which is something Microsoft and Apple don't do. So I sort of take it for granted that whatever phone I have s

  • install and change it to be the default SMS/MMS app, open settings and disable auto-retrieving media messages
    https://f-droid.org/repository... [f-droid.org]

"Given the choice between accomplishing something and just lying around, I'd rather lie around. No contest." -- Eric Clapton

Working...