http://www.cnet.com/news/researcher-finds-mother-of-all-android-vulnerabilities/
Well its unlikely that an exploit will actually be used, anyone know if Asus has this under control?
cmendonc2 said:
http://www.cnet.com/news/researcher-finds-mother-of-all-android-vulnerabilities/
Well its unlikely that an exploit will actually be used, anyone know if Asus has this under control?
Click to expand...
Click to collapse
If not them, some dev will have it fixed sooner or later...
I think it will be google that has to patch it. They will then release a new version of android like 5.1.2 or 5.1.3 and then asus would have to make a new build with that version of android im sure. Or they could build the patch into whatever patch they are using for that version android.
Snakes200 said:
I think it will be google that has to patch it. They will then release a new version of android like 5.1.2 or 5.1.3 and then asus would have to make a new build with that version of android im sure. Or they could build the patch into whatever patch they are using for that version android.
Click to expand...
Click to collapse
If you read the article it states that the problem in patching lies in the companies not pushing the patch out quickly or at all...
Once google releases a patch you can be assured that the patch will be made available, especially for a big problem, with the devs doing all the work.
You may need to be rooted and have xposed installed but a fix will be made available...
ZF2 uses x86 CPU. So, special exploit has to be made for x86 phones. The majority of Android phones is ARM. So, no one will write exploit just for few phones (unless it's targeted for specific person's phone). And it's unclear if this vulnerability exists in x86 (and can be easily exploited).
Related
Now it appears that our beloved Z1C does not get an Android 6 Stock ROM, I am wondering how long Sony will support our device with security patches.
At least for me, my Z1C is far from "end-of-life" but I am becoming worried that Sony thinks otherwise which could mean that we end up with a vulnerable phone full of unfixed security bugs...
Does anybody know if we have any guarantee from Sony that security vulnerabilities in the Sony stock ROM for the Z1C will get patched or updated? And if so, for how long?
dvandyck said:
Now it appears that our beloved Z1C does not get an Android 6 Stock ROM, I am wondering how long Sony will support our device with security patches.
At least for me, my Z1C is far from "end-of-life" but I am becoming worried that Sony thinks otherwise which could mean that we end up with a vulnerable phone full of unfixed security bugs...
Does anybody know if we have any guarantee from Sony that security vulnerabilities in the Sony stock ROM for the Z1C will get patched or updated? And if so, for how long?
Click to expand...
Click to collapse
I believe .236 may have been the last update.
Someone correct me if I am wrong?
kxf41 said:
I believe .236 may have been the last update.
Someone correct me if I am wrong?
Click to expand...
Click to collapse
I am also running 14.6.A.1.236 and try to protect my device with
Avira Anti-Virus
and
Android Vulnerability Test Suite (AndroidVTS).
Unfortunately, the latter App is removed from Google Play because it crossed some Android OS security boundaries in some of their tests but it can still be downloaded from GitHub:
https://github.com/nowsecure/android-vts/releases
For the moment, the 14.6.A.1.236 build has no vulnerabilities known to AndroidVTS but the real test will be the day that a vulnerability is found in this build...
dvandyck said:
I am also running 14.6.A.1.236 and try to protect my device with
For the moment, the 14.6.A.1.236 build has no vulnerabilities known to AndroidVTS but the real test will be the day that a vulnerability is found in this build...
Click to expand...
Click to collapse
https://labs.duosecurity.com/xray/
This app also find vulnerabilities, and only CVE-2016-0808 is found on 14.6.A.1.236.
Really hope sony upgrade z1c to use Android security patch level.
http://www.xda-developers.com/9-yea...-dirty-cow-can-root-every-version-of-android/
Has anyone tried to get this to work?
I assume Dirty Cow will work with virtually all Linux implementations (desktop or mobile, whatever) until it's patched with a kernel update. I can't imagine there's anything special about the Axon 7 to exclude it from that list...yet. If ZTE is paying attention, they might update the kernel sooner than later. I'm assuming it's too late for the upcoming update for the U variant, but I would assume they'll have it patched in the Nougat release. Maybe.
This is great news for folks with phones that have little or no dev support. A Towelroot-esque tool could be made pretty easily and I wouldn't be surprised to see one pop up in the next couple of weeks.
There is a POC video already on an HTC device, however this would be just step one since we still have to deal with SE Linux and Secure Boot. But it would be workable to temp root until reboot i guess.
Security patches for both my stock Pro3 and S3, US versions, are woefully out of date.
Any update in the works? My old Note 4's are still getting them!
Latest Chinese 26s' security patch is still October 2016...
voidcomp said:
Security patches for both my stock Pro3 and S3, US versions, are woefully out of date.
Any update in the works? My old Note 4's are still getting them!
Click to expand...
Click to collapse
LeEco is going through tough times, and their US staff was affected. Vizio is demanding money, they sold their US HQ, etc. I don't think fast updates is a priority for them right now, especially if they're in debt.
http://www.androidpolice.com/tags/leeco/
The latest update for the US variant is 21s, which includes the January patch. If you want the July patch you'll have to use a custom ROM, because no one knows what the future holds for LeEco's US branch.
Ace42 said:
LeEco is going through tough times, and their US staff was affected. Vizio is demanding money, they sold their US HQ, etc. I don't think fast updates is a priority for them right now, especially if they're in debt.
http://www.androidpolice.com/tags/leeco/
The latest update for the US variant is 21s, which includes the January patch. If you want the July patch you'll have to use a custom ROM, because no one knows what the future holds for LeEco's US branch.
Click to expand...
Click to collapse
So a custom ROM would allow me to somehow manually patch a security update or the ROM developer releases updates which include the patch?
Custom rom has the latest security patch
Sent from my LEX727 using XDA-Developers Legacy app
Hello, I just got the notification to update my Blu R1 HD, the version of the update is v 9.2.
Someone already updated? is stable?
Thank you
Yes it's stable, no changes except the April 2018 Android Security Updates.
I'm very surprised Blu is still sending out updates for this almost 2 year old device, that's better then some major brands!
Vulnerability said:
Yes it's stable, no changes except the April 2018 Android Security Updates.
I'm very surprised Blu is still sending out updates for this almost 2 year old device, that's better then some major brands!
Click to expand...
Click to collapse
Don't give them too much credit. They are just attempting to make up for the numerous security debacles that they had with most of their phones in 2016 and 2017. Plus the security update is from Google, not Blu.
Blu likely only pushed the update to stay on good terms with the FCC. Who recently put Bans on Huawei, and ZTE. Why else would they update a two yr old phone, when they cannot provide promised nougat updates for several phones.
They are not reputable, they published marketing literature, made claims on social media sites, and in interviews where they promised nougat updates for phones released in 2017 that came with Android 6.0
A year later no updates.
I understand that Miui 9 can be installed on this phone. If I can figure it out I will share the files here.
Will there be a modified version of 9.2 for people with rooted phones?
Thanks!
yaconsult said:
Will there be a modified version of 9.2 for people with rooted phones?
Thanks!
Click to expand...
Click to collapse
put it out last week.
only did modified patch.
you need to be on fully stock v9.0 then flash this patch
https://forum.xda-developers.com/showpost.php?p=76455352&postcount=289
mrmazak said:
put it out last week.
only did modified patch.
you need to be on fully stock v9.0 then flash this patch
https://forum.xda-developers.com/showpost.php?p=76455352&postcount=289
Click to expand...
Click to collapse
I guess I am not stock since I am rooted and running xposed and removed ads.
So am I correct that to apply this update I should re-flash your 9.0 full ROM and then run your updater script before installing su and xposed and running the commands to delete the ads?
Thanks!
yaconsult said:
I guess I am not stock since I am rooted and running xposed.
So am I correct that to apply this update I should re-flash your 9.0 full ROM and then run your updater script before installing su and xposed?
Thanks!
Click to expand...
Click to collapse
Yes. Look at the last couple post on the modified stock romntjread. Confirmed installs of the patch from stock v9. They went the long way and "de-bloated, un-rooted, etc".
Re flash v9 then the patch should be fine.
8 still need to edit the first post over on that thread to add this patch.
Vulnerability said:
I'm very surprised Blu is still sending out updates for this almost 2 year old device, that's better then some major brands!
Click to expand...
Click to collapse
tsongming said:
Don't give them too much credit. They are just attempting to make up for the numerous security debacles that they had with most of their phones in 2016 and 2017. Plus the security update is from Google, not Blu.
Click to expand...
Click to collapse
I guess it's rather Amazon than Blu, since there are no updates for the retail ("non-prime") version...
lem22 said:
I guess it's rather Amazon than Blu, since there are no updates for the retail ("non-prime") version...
Click to expand...
Click to collapse
You can buy a LeEco S3 for $89 it has 3gb ram,Snapdragon 652 ( 8 core processor) 32gb hard drive, 1080*1920 resolution, 3000mah battery and about 30 working custom Roms. We have 4 leecos in our house 2 LePro 3s and 2 Se3s.
I just sold one of my Blu R1s for $50, almost pays for an SE3. Blu should embrace the developing community and release the source code to these phones, imagine the respect they would get.
Sent from my LEX727 using XDA Labs
Hi, I don't know how to update my stock R1 HD, I had only updated it from the same cell phone to version 8.4 but it only indicates that there are no more updates available, how then can I put this version 9.2? thanks
Sony released remote play for all Android phones this week with compatibility from Android 5.0 onward but it's recommend to have Android 10 to use a DS4 due to better compatibility drivers. Is there any chance you could rip the drivers from the OnePlus 7 or 7 pro on OOS 10 put them in a zip and flash them through TWRP or magisk?
I think you just need to wait since the official update is coming this month of October.
Graffiti Exploit said:
I think you just need to wait since the official update is coming this month of October.
Click to expand...
Click to collapse
Not to argue specifics but the beta comes out this month and the full release is next month. But I understand your point. I still want to know if it's possible to do it though.
Drivers are in the kernel in Linux based systems. You can't just 'rip' the drivers. You have to find a kernel Dev willing to work this with a soon deprecated Android version... with yet unpublished oos kernel sources, only AOSP ones. Not easy
That's why it will be more easy to wait beta / official OOS. Or perhaps be ready to try one of the Android 10 ROMs floating around there
Striatum_bdr said:
Drivers are in the kernel in Linux based systems. You can't just 'rip' the drivers. You have to find a kernel Dev willing to work this with a soon deprecated Android version... with yet unpublished oos kernel sources, only AOSP ones. Not easy
That's why it will be more easy to wait beta / official OOS. Or perhaps be ready to try one of the Android 10 ROMs floating around there
Click to expand...
Click to collapse
Understandable thanks for the answer, I thought it was more like the adreno drivers that you could update through TWRP or magisk I forget which one I just remember doing it on my V20.