Stories
Slash Boxes
Comments

SoylentNews is people

posted by CoolHand on Wednesday August 19 2015, @12:56AM   Printer-friendly
from the infected-droid-armies dept.

El Reg details developments surrounding the increasing worrisome state of Android security:

According to security company Rapid7, Google needs to rethink how it patches Android in the wake of initial botched attempts to resolve the Stagefright vulnerability.

The criticism comes as Google itself confirmed users of its Nexus devices – who are the first to get security fixes – won't be fully protected until September.

The Stagefright vulnerability for Android phones creates a means to infect devices simply by sending a booby-trapped MMS message. An estimated 950 million devices that run Android versions 2.2 through 5.1 are at risk. Version 4.1 and later have defences that mitigate, without eliminating, the possibility of a successful attack.

The Stagefright vuln, discovered by Zimperium, ultimately stems from flaws in code handling multimedia files.

Google released a six-pack update to resolve the Stagefright vulnerability last week, but it quickly emerged that one of the components was incomplete, so that even patched devices were still at risk.

These shortcomings have put back the whole security remediation process by weeks.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.