(blog.exodusintel.com)

387 points pedro84 | 1 comments | 26 Jul 17 19:51 UTC | HN request time: 0s | source

Show context

shock ◴[26 Jul 17 20:14 UTC] No.14859838[source]▶

>>14859602 (OP) #

This is kind of scary :(. How does one ensure that they aren't vulnerable to this bug?

replies(7): >>14859911 #>>14859922 #>>14859950 #>>14860039 #>>14860460 #>>14860969 #>>14861222 #

ben1040 ◴[26 Jul 17 20:33 UTC] No.14860039[source]▶

>>14859838 #

If your Android OEM has pushed the July 2017 security update to your device, you're patched.

https://source.android.com/security/bulletin/2017-07-01#broa...

replies(1): >>14860094 #

yodon ◴[26 Jul 17 20:38 UTC] No.14860094[source]▶

>>14860039 #

Out of curiosity, what fraction of Android OEMs push these security updates promptly (or equivalently what fraction of Android phones receive these kind of updates regularly)?

replies(2): >>14860468 #>>14860479 #

ben1040 ◴[26 Jul 17 21:18 UTC] No.14860468[source]▶

>>14860094 #

This page has a table of OEMs/devices that, as of the end of May, were fewer than 60 days behind on patches.

https://android-developers.googleblog.com/2017/06/2017-andro...

To me, the takeaway from this is that unless you are using a "flagship" device, or one sold directly by Google, you're probably not getting updates in a timely manner.

replies(3): >>14860737 #>>14861434 #>>14861849 #

JepZ ◴[26 Jul 17 23:49 UTC] No.14861434[source]▶

>>14860468 #

And yet another time we learn why it is better to use Lineage OS. Five year old Samsung S3:

  Android: Version 7.1.2
  Security Patch Level: 5th July 2017

replies(5): >>14861794 #>>14861921 #>>14862149 #>>14862780 #>>14867992 #

1. ◴[27 Jul 17 01:02 UTC] No.14861794[source]▶

>>14861434 #

↑

Remotely Compromising Android and iOS via a bug in Broadcom's WI-FI Chipsets