SoylentNews is people
SoylentNews
El Reg details developments surrounding the increasing worrisome state of Android security:
According to security company Rapid7, Google needs to rethink how it patches Android in the wake of initial botched attempts to resolve the Stagefright vulnerability.
The criticism comes as Google itself confirmed users of its Nexus devices – who are the first to get security fixes – won't be fully protected until September.
The Stagefright vulnerability for Android phones creates a means to infect devices simply by sending a booby-trapped MMS message. An estimated 950 million devices that run Android versions 2.2 through 5.1 are at risk. Version 4.1 and later have defences that mitigate, without eliminating, the possibility of a successful attack.
The Stagefright vuln, discovered by Zimperium, ultimately stems from flaws in code handling multimedia files.
Google released a six-pack update to resolve the Stagefright vulnerability last week, but it quickly emerged that one of the components was incomplete, so that even patched devices were still at risk.
These shortcomings have put back the whole security remediation process by weeks.
(Score: 1) by Francis on Wednesday August 19 2015, @03:03AM
AT&T pushed the update without explaining what the update was for and managed to unroot my phone in the process. And then I found out a day or two later that the fix wasn't even effective, so they've manage to increase the risk of damaging my phone while still failing to fix the problem.