Check Point today disclosed details about a set of four vulnerabilities affecting 900 million Android smartphones and tablets that use Qualcomm® chipsets. The Check Point mobile threat research team, which calls the set of vulnerabilities QuadRooter, presented its findings in a session at DEF CON 24 in Las Vegas.
QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. Qualcomm is the world’s leading designer of LTE chipsets with a 65% share of the LTE modem baseband market. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device.
Click to expand...
Click to collapse
Source: Check Point
I just ran Check Point's QuadRooter Scanner on my Z5, and it listed four vulnerabilities at present.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Model: E6653
Android version: 6.0.1
Android security patch level: April 1, 2016
Baseband version: 8994-FAAAANAZQ-00046-27
Kernel version: 3.10.84-v34, [email protected] #210
Build number: 32.2.A.0.253 (SG Customized)
Vulnerabilities:
* CVE-2016-2059
* CVE-2016-2504
* CVE-2016-2503
* CVE-2016-5340
I haven't done research on each vulnerability, but generally there's not much we can do as end users. The chipset vendor (Qualcomm) has to deliver fixed device drivers to the distributors/carriers in order to protect users from these vulnerabilities. In the past, we have seen some home-grown solutions to CVE vulnerabilities (e.g., StageFright), but I don't know off-hand if these vulnerabilities can be mitigated in such a way. This will hopefully just serve to make people aware that of these problems, which can be exploited without any special permissions on the Android platform. Be careful what you download/sideload!
I don't see it as a problem I see it as possible temp root for locked bootloader to fool Kernel checks
Sent from my E6653 using Tapatalk
the two Kernel fixes can be applied to our source:
https://github.com/zachariasmaladro...mmit/524bf18c672de33ce41593653876cbd597993429 [CVE-2016-2059] net: ipc_router: Bind only a client port as control port
https://github.com/zachariasmaladro...mmit/ed2fa29277ce37e6d3d3db48188db5e2d07e428d ashmem: fix CVE-2016-5340
great overview post, @xasbo thanks !
zippy01 said:
I don't see it as a problem I see it as possible temp root for locked bootloader to fool Kernel checks
Click to expand...
Click to collapse
If it can be used for temp root, it can just as easily be used for malware. Mobile browsing is more popular than ever; with the right mix of exploits or even just careless users, it is easy to take over a phone for nefarious purposes. I know how to be careful running unknown-source software, and maybe you do too, but the vast majority of people don't.
zacharias.maladroit said:
the two Kernel fixes can be applied to our source:
Click to expand...
Click to collapse
Nice to see you're on top of it! :good:
zippy01 said:
I don't see it as a problem I see it as possible temp root for locked bootloader to fool Kernel checks
Sent from my E6653 using Tapatalk
Click to expand...
Click to collapse
I agree with u ?
Sent from my E6633 using XDA-Developers mobile app
Though if we could get a temp root on LB we could always refine the method for a permanent root on LB. Then, on the post from whichever genius makes the permanent root, have a damn neon flashing sign saying "OKAY, GO PATCH THIS NOW" via another kernel (as already done above) or a software fix as part of the "tutorial" post that would eventually be made.
Any news about it?? ?
Enviado desde mi Z1 mediante Tapatalk
Quadrooter affected
http://forum.xda-developers.com/showthread.php?t=3435585
Pure crappy fake app with a png image promoting goglebley store apps.
Sent from my XT687 using xda premium
---------- Post added at 02:02 PM ---------- Previous post was at 02:00 PM ----------
Qualcomm Vulnerability - Possible Root?
http://forum.xda-developers.com/showthread.php?t=3435425
Qualcomm Vulnerability - Possible Root?
Sent from my XT687 using xda premium
---------- Post added at 02:03 PM ---------- Previous post was at 02:02 PM ----------
Sent from my XT687 using xda premium
Noticed that QuadRooter was updated within the last day or so, and the list vulnerabilities was reduced to:
* CVE-2016-2059
* CVE-2016-2504
Apparently it's not scanning for 5340 and 2503 anymore? It included a link to the ZoneAlarm blog instead.
Crap! I will bypass this HORRIBLE UV ANDROED 6
This is HORRIBLE LITERALLY!
THE WHITE REPUGNANT STYLE IS A MIRROR BY THE CHIT OF DAMN GOOGLE INC BLANK MIND!
I WILL BUY MY NEXT DEVICE
IN 30 YEARS, WHEN THE GOOGLE STUPIDS HAS CRASHED AND THE OS HAVES CONCURRENT >>LEGAL<< VARIANTS, AND ALL ZOMBIES ARE CURED AND STOPPED BE GOOGLE'S SLAVES AND SUCKERS!
Sent from my XT687 using xda premium
Related
Stagefright fix update rolling out in India .
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Source
I don't care about the Stagefright fix since the SMS app I use has had it for some time. I would like to get the night mode for my camera though. Hopefully, it will roll out here eventually.
harsinghal said:
Stagefright fix update rolling out in India .
Source
Click to expand...
Click to collapse
Which is the build number? Bc i have night mode but not the stagefright fix
Sent from my MotoG3 using Tapatalk
Tel864 said:
I don't care about the Stagefright fix since the SMS app I use has had it for some time. I would like to get the night mode for my camera though. Hopefully, it will roll out here eventually.
Click to expand...
Click to collapse
Stagefright affects more than just SMS. That is just to most well known way to exploit it. And many third party apps that fixed stagefright on their end do not include the second fix that Google recently pushed.
Build no? I'm on XT 1550 with LP123.72-47, and don't see any updates.(purchased last week from flipkart, factory installed build)
Dead Cookies leave no trails...
bozzykid said:
Stagefright affects more than just SMS. That is just to most well known way to exploit it. And many third party apps that fixed stagefright on their end do not include the second fix that Google recently pushed.
Click to expand...
Click to collapse
You need to read up on ASLR and not drink the kool-aid from Google. Like I said I don't worry that much about it and no one running Android 4 or later really needs to.
Sent from my GT-P5210 using Tapatalk
harsinghal said:
Stagefright fix update rolling out in India .
Source
Click to expand...
Click to collapse
can u post about phone screenshot after updating?
You already have the patch... Mine is different and I bought one month ago...
Sent from my MotoG3 using XDA Free mobile app
I received mine yesterday in my Moto G from Portugal/Spain version
https://www.dropbox.com/s/ev8w535wmv00qnx/Screenshot_2015-09-09-10-25-37.png
keb00 said:
I received mine yesterday in my Moto G from Portugal/Spain version
https://www.dropbox.com/s/ev8w535wmv00qnx/Screenshot_2015-09-09-10-25-37.png
Click to expand...
Click to collapse
How much is the size of the OTA?
---------- Post added at 12:33 PM ---------- Previous post was at 12:33 PM ----------
:good::good:
pawankonjarla said:
How much is the size of the OTA?
---------- Post added at 12:33 PM ---------- Previous post was at 12:33 PM ----------
:good::good:
Click to expand...
Click to collapse
If I'm not wrong was something like 180/200MB
I didnt get this update...
gauravssnl said:
I didnt get this update...
Click to expand...
Click to collapse
Just be patient. The update will make its way round.
I got this update just now.I have already unlocked bootloader and rooted phone & even flashed with TWRP recovery.So what should I do to update??is it necessary to flash phone with stock recovery??Help me out!
gauravssnl said:
I got this update just now.I have already unlocked bootloader and rooted phone & even flashed with TWRP recovery.So what should I do to update??is it necessary to flash phone with stock recovery??Help me out!
Click to expand...
Click to collapse
Yes it's necessary to be on stock recovery.
Also few users have reported bootloop after ota update on unlocked rooted Moto G3. So before uodating go through Q & A threads to avoid any such issue.
Sent from my SM-A800F using XDA Free mobile app
Bootloop
My Moto G3 is in this state. The bootloader is unlocked, I have updated via OTA and now it turns black after 2~3 seconds of the start of boot animation. Now I'm trying to download and install a stock ROM. Thanks, Motorola.
alexandrehdk said:
My Moto G3 is in this state. The bootloader is unlocked, I have updated via OTA and now it turns black after 2~3 seconds of the start of boot animation. Now I'm trying to download and install a stock ROM. Thanks, Motorola.
Click to expand...
Click to collapse
You can't blame Motorola for that, it is your fault for unlocking the bootloader. That is why they warn against it and you should always have a backup to flash before doing so.
Yes, I can't. But it doesn't hurt to explain better the reasons for their advise against the mods. As I understood, the problem was with TWRP recovery. If I knew about this before, I would simply had flashed the original recovery before allowing the OTA update.
Now I'm finally with my phone back to business
Sent from my MotoG3 using XDA Free mobile app
The update just showed up on my unlocked US retail version XT1540.
Here it is people, Sony is on fire recently, releasing firmwares after firmwares:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Some more details:
and good news :
Prerooted it with PRFCreator_v1.0 and have full system RW and root fully works :good:
Nuts XZDR v2.8.22 (flashed) doesn`t work but 2.8.21 (installer) is fine.
Same Kernel as the .200 build right?
Gesendet von meinem D6503 mit Tapatalk
No. Kernel seems to be newer than .200 kernel.
Nope, version is the same but different build date and signature so something has changed.
Which means the source for 200 is useless and we have to wait for 232 source ^^
Wonder if AndroPlus kernel with 200 source will work on this ROM ^^
If it works on 232 you can flash a 200 kernel for now or you can use [NUT]'s kernel builder
Here is the FTF for D6503.
D6503_23.4.A.1.232_Customized DE:
https://drive.google.com/file/d/0B0H81qsvg-aNYlN0bUlsVGxKMVE/view?usp=sharing
Have they fixed the Wifi issue with WMM Enabled Routers?
May I know what are the most noticeable changes with this from the previous 5.1.1 .546 build?
Well, waiting for flashable prerooted zip.
rychlin said:
Well, waiting for flashable prerooted zip.
Click to expand...
Click to collapse
I think it's very easy to do by yourself, no need to wait for other, I've done just for 5 minutes.
Please can anyone upload the file to somewhere other than Google Drive? I'm having the usual problem with failed downloads.
rychlin said:
Well, waiting for flashable prerooted zip.
Click to expand...
Click to collapse
RyTekk said:
I think it's very easy to do by yourself, no need to wait for other, I've done just for 5 minutes.
Click to expand...
Click to collapse
I created flashable prerooted zips already.
http://forum.xda-developers.com/showpost.php?p=63085756&postcount=1593
I'd suggest however that you start doing those firmwares yourself, it's just faster and easy enough nowadays.
What FW has less bloatware: US or Germany?
@ Jackos
nice one bud :good:
Now we have a stagefright 1.0 patch, it gets released that there is a stagefright 2.0...
Check out /scarse/ details here.
Sometimes technology sucks
gamer649 said:
Now we have a stagefright 1.0 patch, it gets released that there is a stagefright 2.0...
Check out /scarse/ details here.
Click to expand...
Click to collapse
which affects almost all devices running versions older than Android Lollipop. That said, don’t claim victory if your device is on Lollipop, as this new exploit combined with library elements from Stagefright 1.0 can also get you hacked.
Click to expand...
Click to collapse
Stagefright 2.0 targets the way Android processes the metadata of MP3 audio and MP4 video files. These files can be exploited when any app uses them, or even the Android system itself. This vulnerability can then trick device users into visiting a malicious website to complete the hack.
Click to expand...
Click to collapse
So... if you use MP3's from strange sources it's your own fault.
That's more dangerous with MP4 videos which are widely used for VideoStreaming
out for d6502 also
23.4.a.1.232
got this rom yesterday. seems fast and smooth.
stagefright 1 just required receipt of an mms message.
stagefright 2 much more difficult to do in practice.
be happy we have a fix
Jackos said:
I created flashable prerooted zips already.
I'd suggest however that you start doing those firmwares yourself, it's just faster and easy enough nowadays.
Click to expand...
Click to collapse
Does this work for FreeBSD and Linux users? Unfortunately I don't have a Windows pc or Windows licence.
Sent from my SGP311 using XDA Free mobile app
Just got this a few min ago
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Edit : Ok it might be the February patch but it is a new update none the less. sorry for the confusion.
Sent from my SM-G930T using Tapatalk
It's March
I think he read the Android security patch level, which is February, hence the title "February security update."
---------- Post added at 05:57 PM ---------- Previous post was at 05:42 PM ----------
In case you're wondering if this update contains a new bootloader that is unlockable, no dice.
CafeKampuchia said:
I think he read the Android security patch level, which is February, hence the title "February security update."
---------- Post added at 05:57 PM ---------- Previous post was at 05:42 PM ----------
In case you're wondering if this update contains a new bootloader that is unlockable, no dice.
Click to expand...
Click to collapse
I know I'm stating the current month this saying they are behind
I wouldn't update yet.
Yup, looks like APB6 was updated to APB8
papi5120 said:
Just got this a few min ago
Sent from my SM-G930T using Tapatalk
Click to expand...
Click to collapse
We already had the February security patch level and no this did not update us to March. So the thread title is misleading. Yes we got an update but no it was not a patch level update; however, the baseband version did change from APB6 to APB8
So... Note 3 will get 6.0.1?
joluke said:
So... Note 3 will get 6.0.1?
Click to expand...
Click to collapse
??? This is the T-Mobile Galaxy S7 forum. You need to ask that in the Help/Q&A section of the Note 3 forum.
I like how I started a thread about this update, hours before this one and mine got closed...with the typical "there's already a thread about this...." post. Lol cool bro way to tell time.
CafeKampuchia said:
??? This is the T-Mobile Galaxy S7 forum. You need to ask that in the Help/Q&A section of the Note 3 forum.
Click to expand...
Click to collapse
Weird. Tapatalk showed this topic in the note 3 section lol. Sorry
HTCMDA said:
I like how I started a thread about this update, hours before this one and mine got closed...with the typical "there's already a thread about this...." post. Lol cool bro way to tell time.
Click to expand...
Click to collapse
I'm guessing it's because this one was posted in the T-Mobile section. You posted yours in the S7 international section.
Will this effect the bootloader? Or any chance of root in the future? I also read this will help with the front camera and better battery life.
Kilroy672 said:
Will this effect the bootloader? Or any chance of root in the future? I also read this will help with the front camera and better battery life.
Click to expand...
Click to collapse
I would believe so. I know it changes the bootloader on the S7Edge. I WOULD DEFINITELY STAY AWAY FROM ANY UPDATES IF YOU WANT ROOT IN THE FUTURE. You could miss a potential vulnerability and not be able to revert back down.
Sent from my SM-G935T using Tapatalk
CafeKampuchia said:
I'm guessing it's because this one was posted in the T-Mobile section. You posted yours in the S7 international section.
Click to expand...
Click to collapse
there's also a thread in there that says update...with lots of att and tmo people chiming in... but i guess that's OK
any way to disable the tmo update service in the notification? cant disable service update app either.
T-Mobile has pushed out a new security update to both the Samsung Galaxy S7. with Android’s March security patches. the Android version remains 6.0.1 Marshmallow, but the Baseband version changes from G930TUVU1APB6 to G930TUVU1APB8.
Verizon is ready to roll out a similar security update for the S7.
js0uth said:
any way to disable the tmo update service in the notification? cant disable service update app either.
Click to expand...
Click to collapse
You need to set it to manually retrieve updates.
Sent from my SM-G930T using Tapatalk
molanjami said:
T-Mobile has pushed out a new security update to both the Samsung Galaxy S7. with Android’s March security patches. the Android version remains 6.0.1 Marshmallow, but the Baseband version changes from G930TUVU1APB6 to G930TUVU1APB8.
Verizon is ready to roll out a similar security update for the S7.
Click to expand...
Click to collapse
This update from this thread shows Baseband APB8, but only February security update. This has already been mentioned, and it appears your article is incorrect.
Sent from my E6683 using Tapatalk
Kilroy672 said:
Will this effect the bootloader? Or any chance of root in the future? I also read this will help with the front camera and better battery life.
Click to expand...
Click to collapse
Where did you read this will help with battery life?
http://www.verizonwireless.com/support/motorola-droid-ultra-maxx-update/
Current Software Update Benefits
Software Version: 24.21.7.obake_verizon.Verizon.en.US (Droid Ultra)
Software Version: 24.21.7.obake-maxx_verizon.Verizon.en.US (Droid Maxx)
The current software update gives you the most up to date Android™ security patch on your device.
Next steps and additional links:
Click to expand...
Click to collapse
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Still not a lollipop update.
Even lollipop is so old with the new android N news everywhere. This update fixes stagefright issue. At least,we got the newest security patch.
Sent from my XT1080 using XDA-Developers mobile app
I am very glad that Motorola and Verizon are giving some attention to our 'old fella' now. While it is sad that they did not give us L or M, at least they released the security update.
Kitkat is perfect for me.
I bought a X Play (Droid Maxx 2), it even performs worse than the Droid Maxx.
Sent from my XT1562 using XDA Labs
Hi.
Yesterday i updated the new Patch 24.21.7.obake-maxx_verizon.Verizon.en.US and now my phone restarting when i insert SIM.
when i pulled out the SIM card phone is working fine.
What the ****.....
Using Driod maxx Ultra
---------- Post added at 12:14 AM ---------- Previous post was at 12:05 AM ----------
[/COLOR]
jdawg334 said:
http://www.verizonwireless.com/support/motorola-droid-ultra-maxx-update/
Click to expand...
Click to collapse
huatz84 said:
Still not a lollipop update.
Even lollipop is so old with the new android N news everywhere. This update fixes stagefright issue. At least,we got the newest security patch.
Sent from my XT1080 using XDA-Developers mobile app
Click to expand...
Click to collapse
Were you rooted?...able to keep root after the update?
Thanks.
Good question @Mangu.
Im holding off on running the update myself.
Mangu said:
---------- Post added at 12:14 AM ---------- Previous post was at 12:05 AM ----------
[/COLOR]
Were you rooted?...able to keep root after the update?
Thanks.
Click to expand...
Click to collapse
Yes..My Maxx is rooted. It's safe and working fine after update.
Sent from my XT1095 using XDA-Developers mobile app
huatz84 said:
Still not a lollipop update.
Click to expand...
Click to collapse
Motorola said in February there would be no LP update.
http://www.techtimes.com/articles/1...unts-for-droid-turbo-2-and-maxx-2-instead.htm
And only 6 days to qualify for the $100 discount on a Turbo2 or Maxx2. (Mini users are SOL. No new options for a smaller device)
Took the update. Still rooted and everything works fine.
For those that went that route, Entitlement Bypass Apk still works as usual too.
But remember to restore the original recovery, instead of twrp.
Heh.. whups..
Sent from my XT1080 using XDA Free mobile app
where can i download this firmware on pc as a backup
So it's clear this was a update to there stagefright security patch that apparently took no affect in the SU6-7.3 update. Well I tested my bootloader unlock exploit and was unsuccessful. My kernel would not load and modules as expected. The Trustzone module wasnt loaded to the kernel so the SMC(Secure Monitor Call) couldn't be sent to the Secure world to Rewrite the DWord values. I think my kernel module needs to be recompiled and tested. If anyone is willing to risk a droid Ultra/Maxx/Mini on this bootloader exploit please DM me and I'll send you the details! Cheers! Posted by last Member to be working with droid Maxx developments ?
any best way to root the device having this update installed ???
As i am unable to root the device and stuck with KITKAT and wants to try Custom Roms.
Any help will be appreciated, Basically i am LG guy so dont know anything about MOTO.
SignatureBoy said:
any best way to root the device having this update installed ???
As i am unable to root the device and stuck with KITKAT and wants to try Custom Roms.
Any help will be appreciated, Basically i am LG guy so dont know anything about MOTO.
Click to expand...
Click to collapse
It's a security path, you should be fine downgrading
JH1108 said:
It's a security path, you should be fine downgrading
Click to expand...
Click to collapse
can you please guide me how to any easy way ???
LG and Samsung sure are the easiest i must say
Looking for SU6-7.7 fastboot file
bootloader/have 3 ultras willing to test/risk 2 of them
DROID_4_UsEr said:
So it's clear this was a update to there stagefright security patch that apparently took no affect in the SU6-7.3 update. Well I tested my bootloader unlock exploit and was unsuccessful. My kernel would not load and modules as expected. The Trustzone module wasnt loaded to the kernel so the SMC(Secure Monitor Call) couldn't be sent to the Secure world to Rewrite the DWord values. I think my kernel module needs to be recompiled and tested. If anyone is willing to risk a droid Ultra/Maxx/Mini on this bootloader exploit please DM me and I'll send you the details! Cheers! Posted by last Member to be working with droid Maxx developments
Click to expand...
Click to collapse
---------- Post added at 06:05 AM ---------- Previous post was at 06:01 AM ----------
[
phones are waiting for some help
---------- Post added at 06:08 AM ---------- Previous post was at 06:05 AM ----------
[email protected]
stan34658 said:
---------- Post added at 06:05 AM ---------- Previous post was at 06:01 AM ----------
[
phones are waiting for some help
Click to expand...
Click to collapse
Can i downgrade to su6-7 after taking this update? I want to root this phone and on another maxx i could downgrade from su6-7.3 to su6-7. Has anyone tried doing this?
There are many critical vulnerabilities patched by Google in the June update.
https://source.android.com/security/bulletin/2016-06-01.html
What can I do?
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
CmDaRkShAdOw said:
What can I do?
Click to expand...
Click to collapse
You are not infected, but affected. It is a big difference. Get a rom that is maintained, as opposed to abandoned....
optimumpro said:
You are not infected, but affected. It is a big difference. Get a rom that is maintained, as opposed to abandoned....
Click to expand...
Click to collapse
Hmm..I'm using dstrikerz1 but sp001(the newest version is sp002, but I prefer that) update is planned..changing rom will help? I never met that virus, so I don't know what to do right now.
CmDaRkShAdOw said:
Hmm..I'm using dstrikerz1 but sp001(the newest version is sp002, but I prefer that) update is planned..changing rom will help? I never met that virus, so I don't know what to do right now.
Click to expand...
Click to collapse
I don't think you fully understand: the only way to patch the vulnerabilities is to change the code and re-build the rom. No stock rom can be build from sources by anyone, except OEM, because stock roms are closed source, i.e., code is not available. They can only be moded: delete an app, change wallpaper etc... . So, no matter how many more releases of moded stock roms can appear, none of them will include any security patches after the last official release, which was about the end of last year....
optimumpro said:
I don't think you fully understand: the only way to patch the vulnerabilities is to change the code and recompile the rom. No stock rom can be recompiled by anyone, except Sony, because stock roms are closed source, i.e., code is not available. They can only be moded: delete an app, change wallpaper etc... . So, no matter how many more release of moded stock roms can appear, none of them will include any security patches after the last official release, which was about the end of last year....
Click to expand...
Click to collapse
I didn't understand because I told you that this is my first time with this. Ehh so I must accept this... Thank for reply.
The problem here is that most of these vulnerabilities (with the exception of the first, which is in the kernel) are inside proprietary files from qualcomm. So binaries which we don't have access to the source code to. Chances of this ever being fixed on our phones are pretty slim to none. The only chance might be the release of patched binaries for MM AOSP, which could then be used in custom (non-stock) ROMs.
Also we all just needs to "Keep calm and carry on".
We are also all "affected" to be run down by a car in the street, but we some how don't get run down every day.
How: we don't walk out on the street in front of a car. We carefully look both sides first.
Just as we don't download and install unknown apps from unknown sources
This is A gpu error, only you need is to check new apks, and be sure that are safe, before installing.
Nothing bad.
Sent from my XT687 using xda premium
---------- Post added at 01:50 PM ---------- Previous post was at 01:49 PM ----------
[QuadRooter?]
http://forum.xda-developers.com/showthread.php?t=3435492
[QuadRooter?]
Sent from my XT687 using xda premium
---------- Post added at 01:51 PM ---------- Previous post was at 01:50 PM ----------
Qualcomm Vulnerability - Possible Root?
http://forum.xda-developers.com/showthread.php?t=3435425
Qualcomm Vulnerability - Possible Root?
Sent from my XT687 using xda premium
---------- Post added at 01:54 PM ---------- Previous post was at 01:51 PM ----------
They NEVER will update our roms, all they are piggest dollar bill, saying to buy a new CVE BUG ERRORED DEVICE (AFTER ONE YEAR EXACTLY)
Sent from my XT687 using xda premium
derf elot said:
The problem here is that most of these vulnerabilities (with the exception of the first, which is in the kernel) are inside proprietary files from qualcomm. So binaries which we don't have access to the source code to. Chances of this ever being fixed on our phones are pretty slim to none. The only chance might be the release of patched binaries for MM AOSP, which could then be used in custom (non-stock) ROMs.
Click to expand...
Click to collapse
Not true. They are all open source. In fact most Qualcomm's fixes are open source. Just because Google is lazy to reference sources and instead chooses to publish binaries, doesn't mean they are not open source. You just have to get them from Code Aurora directly.
Here they are:
CVE-2016-2059: https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=9e8bdd63f7011dff5523ea435433834b3702398d
CVE-2016-2503 and 4: https://www.codeaurora.org/use-after-free-due-race-conditions-kgsl-module-cve-2016-2504-cve-2016-2503
CVE-2016-5340: https://www.codeaurora.org/invalid-path-check-ashmem-memory-file-cve-2016-5340
Yes, I was mis-informed by an article I read yesterday.
I found those patches last night and made a new build. Funnily though, CVE-2016-5340 is still shown as unfixed in the program, but other people are having that problem as well it seems. So for now I'm blaming the App
This is why i suspect if this app haves a png inside , for when we open, display "device affected" by a fake scanner
Sent from my XT687 using xda premium
derf elot said:
Yes, I was mis-informed by an article I read yesterday.
I found those patches last night and made a new build. Funnily though, CVE-2016-5340 is still shown as unfixed in the program, but other people are having that problem as well it seems. So for now I'm blaming the App
Click to expand...
Click to collapse
The app and the whole Checkpoint's blog are nothing more than a deceitful commercial pitch for business customers. I don't think there is even a way to know whether vulnerabilities are fixed on a live device. It is all crap...
---------- Post added at 09:36 AM ---------- Previous post was at 09:31 AM ----------
Dethfull said:
This is why i suspect if this app haves a png inside , for when we open, display "device affected" by a fake scanner
Click to expand...
Click to collapse
Could you post the app please. We can expose Checkpoint if the app is fake....
You find this as Quadroot Scanner in goglebley store or 9apps store
If you read the checkpoint site, they explicitly are promoting goglebley store with this invalid argument :
"OnLy dOwnLoAD aPps fRoM goGleBlEy sToRe"
Lamentable!
:sly:
Sent from my XT687 using xda premium
Just to be 100% sure: if I use a stock ROM (as we know there will be no updates...) the only way to protect myself is to:
stop using it and use some custom ROM
use some apk scanner (e.g. AVG), do not install from unknown sources, do not install suspicious apps (and "that's all")
So no way to e.g. somehow patch my ROM.
As a second question, I know that I can be hit by a car at any time but am I safe on a stock ROM? It is fast and works fine for me. Btw I would need some OS where I can download my company mails and things like that which need a "very secure environment"... and also a very stable one, as I know current Marshmallow ROMs for Z1 are unstable.
You don't need follow google craps, you may stay installing unknown source apks, by scanning after...
Sent from my XT687 using xda premium