El Reg details developments surrounding the increasingly worrisome state of Android security:
According to security company Rapid7, Google needs to rethink how it patches Android in the wake of initial botched attempts to resolve the Stagefright vulnerability.
The criticism comes as Google itself confirmed users of its Nexus devices – who are the first to get security fixes – won't be fully protected until September.
The Stagefright vulnerability for Android phones creates a means to infect devices simply by sending a booby-trapped MMS message. An estimated 950 million devices that run Android versions 2.2 through 5.1 are at risk. Version 4.1 and later have defences that mitigate, without eliminating, the possibility of a successful attack.
The Stagefright vuln, discovered by Zimperium, ultimately stems from flaws in code handling multimedia files.
Google released a six-pack update to resolve the Stagefright vulnerability last week, but it quickly emerged that one of the components was incomplete, so that even patched devices were still at risk.
These shortcomings have put back the whole security remediation process by weeks.
(Score: 4, Informative) by hankwang on Wednesday August 19 2015, @08:26AM
My phone with CM11 (with Android 4.4.4) is vulnerable according to the Stagefright Detector app.
https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector [google.com]
Avantslash: SoylentNews for mobile [avantslash.org]