Most active commenters

    ←back to thread

    Google confirms Android attacks; no fix for most Samsung users

    (www.forbes.com)
    208 points mohi-kalantari | 29 comments | 08 Dec 25 16:32 UTC | HN request time: 0.74s | source | bottom
    1. kelnos ◴[08 Dec 25 17:23 UTC] No.46194974[source]
    > This [update] was rushed out to all Pixel users.

    Pixel 8 here, still don't have the update. That's... not great.

    replies(5): >>46195375 #>>46195626 #>>46196084 #>>46196620 #>>46197184 #
    2. nervysnail ◴[08 Dec 25 17:51 UTC] No.46195375[source]
    I'd suggest you to use GrapheneOS.
    replies(2): >>46196635 #>>46196684 #
    3. jeffbee ◴[08 Dec 25 18:10 UTC] No.46195626[source]
    Just go to the software update, touch the button, then touch it a second time, and that will give you all available updates immediately, regardless of your random position in the rollout process.
    replies(4): >>46195812 #>>46196639 #>>46196681 #>>46205670 #
    4. Terr_ ◴[08 Dec 25 18:26 UTC] No.46195812[source]
    Not working for me on Android 16, additional taps of the "Check for update" button in the bottom-right don't change the fact that it says "Your system is up to date" and that the last change was last month.
    replies(2): >>46195915 #>>46196270 #
    5. jeffbee ◴[08 Dec 25 18:34 UTC] No.46195915{3}[source]
    Could be model-specific. I got the update by doing that manually on my Pixel 8 Pro, that also happens to be on the beta track so there are a few confounders. But that is the way to get the latest software that is waiting to be released to your phone, without waiting.
    6. int0x29 ◴[08 Dec 25 18:49 UTC] No.46196084[source]
    I think your carrier hasn't approved it yet. T-mobile seems to lag on these things. I also can't seem to find a system update. A Google Play system update does seem to exist
    replies(1): >>46196598 #
    7. mrgoldenbrown ◴[08 Dec 25 19:04 UTC] No.46196270{3}[source]
    I see same behavior on my 8.
    8. freitasm ◴[08 Dec 25 19:36 UTC] No.46196598[source]
    We have an OS security update that is only release to users of a specific hardware, once approved by their mobile operator. It may be added to vendor-specific OS versions some time later (weeks, month or never). The vendor-specific may not be approved by a telco if the vendor doesn't have a relationship with that telco.

    Now think that millions of people use the same OS on many different flavours, on different hardware, on multiple operators.

    What an inneficient way of doing things.

    replies(1): >>46197761 #
    9. 2OEH8eoCRo0 ◴[08 Dec 25 19:37 UTC] No.46196620[source]
    My friend is still on the Pixel 2. Are they affected?
    replies(1): >>46196759 #
    10. fluidcruft ◴[08 Dec 25 19:39 UTC] No.46196635[source]
    How quickly did GrapheneOS roll out the update?
    replies(2): >>46196701 #>>46201064 #
    11. fluidcruft ◴[08 Dec 25 19:39 UTC] No.46196639[source]
    I don't see it yet either and have mashed it a bunch (Pixel 7, T-Mobile). Says it's running October's update with no updates available.
    12. Fishkins ◴[08 Dec 25 19:43 UTC] No.46196681[source]
    I had the same experience as peer comments. I'm on Pixel 8 and Google Fi. When I check for updates, I'm told I'm up-to-date with the last update being over a month old.
    13. Cantinflas ◴[08 Dec 25 19:43 UTC] No.46196684[source]
    Is the patch already available for GrapheneOS?
    replies(2): >>46199162 #>>46205767 #
    14. throawayonthe ◴[08 Dec 25 19:45 UTC] No.46196701{3}[source]
    Three days ago.

    https://grapheneos.org/releases#2025120400

    https://github.com/GrapheneOS/platform_manifest/releases/tag...

    https://grapheneos.social/@GrapheneOS/115666650605430196

    not sure how soon it made it to a majority of devices, but i do have it rn

    EDIT: I was wrong, it's actually first mentioned in https://grapheneos.org/releases#2025102200

    oct 22? https://github.com/GrapheneOS/platform_manifest/releases/tag...

    replies(1): >>46197312 #
    15. petee ◴[08 Dec 25 19:52 UTC] No.46196759[source]
    Pixel 2 stopped getting updates almost 5 years ago
    replies(1): >>46197952 #
    16. josephcsible ◴[08 Dec 25 20:25 UTC] No.46197184[source]
    You can manually download the full OTA from https://developers.google.com/android/ota#shiba and install it with adb.
    17. ◴[08 Dec 25 20:37 UTC] No.46197312{4}[source]
    18. rs186 ◴[08 Dec 25 21:16 UTC] No.46197761{3}[source]
    I never understood why a mobile operator has any say in when to apply security patches?

    Does it happen with iPhones?

    replies(2): >>46198149 #>>46200686 #
    19. tremon ◴[08 Dec 25 21:34 UTC] No.46197952{3}[source]
    That doesn't answer the question.
    replies(1): >>46198487 #
    20. SamaraMichi ◴[08 Dec 25 21:50 UTC] No.46198149{4}[source]
    iOS updates are not limited by the operator.
    replies(1): >>46206089 #
    21. sva_ ◴[08 Dec 25 22:26 UTC] No.46198487{4}[source]
    There are two kinds of people:

    1. Those who can extrapolate from incomplete information

    replies(1): >>46207541 #
    22. aussieguy1234 ◴[08 Dec 25 23:31 UTC] No.46199162{3}[source]
    According to above comments, it was added 3 days ago. I'm updating to the latest release now.
    23. snailmailman ◴[09 Dec 25 02:46 UTC] No.46200686{4}[source]
    Nope. When a new iOS update comes out, all supported devices may immediately install the update if they seek it out. Or it will usually auto update on its own, or at least nag the user to update.

    It’s gotten slightly more confusing with the major updates now being optional. You get a choice between getting a feature update or just security patches. Unless I missed it, my phone never really asked me to update to the latest iOS 26. But I can, it’s there. I’m instead on the latest version of iOS 18. (They changed number schemes. 18 is last years major update)

    Apple also does security updates for quite a long time. iOS 15, from 2021, got a security patch in September of this year, and works on the iPhone 6s from 2015.

    24. AlgebraFox ◴[09 Dec 25 03:53 UTC] No.46201064{3}[source]
    Faster than Google. Literally.

    https://news.ycombinator.com/item?id=46173407

    25. voxic11 ◴[09 Dec 25 15:03 UTC] No.46205670[source]
    Thanks that worked, so weird that you have to do it twice...
    26. subscribed ◴[09 Dec 25 15:12 UTC] No.46205767{3}[source]
    It was made available in the end of OCTOBER in the special security preview channel.

    GoS has already deployed patches to some of the vulnerabilities you'll read about in January.

    All the partnering vendors have access to the same bulletins.

    Multi-billion companies like Samsung or Google had access to that since AT LEAST October. They chose to release these patches late. Some will release these patches months form now. Some, perhaps never.

    So, the tiny team wins.

    27. surajrmal ◴[09 Dec 25 15:38 UTC] No.46206089{5}[source]
    Is this true for updates that might affect the way it interacts with the network (eg baseband firmware updates)? I assume it's much easier for iPhones to decouple that layer from the rest of the OS, which isn't the case for Android/Linux.
    28. tremon ◴[09 Dec 25 17:14 UTC] No.46207541{5}[source]
    Please, feel free to extrapolate for me whether the "unspecified vulnerability" referenced in the article was introduced more or less than five years ago.
    replies(1): >>46221184 #
    29. petee ◴[10 Dec 25 18:09 UTC] No.46221184{6}[source]
    The point was the whole phone has been vulnerable to a multitude of RCEs for five years, so it doesn't really matter if its the latest exploit, its a silly request.