Latest in Android

Image credit:

Fixing 'Stagefright' flaw on Android is harder than we thought

18 Shares
Share
Tweet
Share

Sponsored Links

The Stagefright vulnerability for Android won't seem to want to go away. According to Exodus Intelligence researchers one of the patched issued by Google could still allow access to Android devices. The researchers told Engadget via email, "the summary is that the Stagefright vulnerability is still exploitable and the 4-line patch that was implemented is faulty. We have been able to trigger the fault that still affects over 950 million Android devices." The issue with the patch was reported to Google which open sourced the patch for the patch this morning.

Google told Engadget,"currently over 90% of Android devices have a technology called ASLR enabled, which protects users from this issue. We've already sent the fix to our partners to protect users, and Nexus 4/5/6/7/9/10 and Nexus Player will get the OTA update in the September monthly security update."

Of course, like with all things Android, outside of the Nexus line, it's a wait and see situation when it comes to updates from phone makers. Hopefully they'll be hitting phones and tablets in the near future. But with only six days notice, Exodus Intelligence didn't give Google or its partners much time to get the patch ready.

Traditionally, researchers give companies 30 days notice about a security issue. This gives both parties adequate time to work on a patch and share information. In the post about the patch issue, the researchers explained that it decided to forgo the usual 30 days because the original issue was reported over 120 days ago, Google was still issuing the faulty patch and the amount of attention the original vulnerability had attracted.

So keep on the lookout for this new patch to fix the old patch.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
18 Shares
Share
Tweet
Share

Popular on Engadget

Netflix's 'Cowboy Bebop' production pauses after John Cho is injured on-set

Netflix's 'Cowboy Bebop' production pauses after John Cho is injured on-set

View
Nike puts an accessibility twist on its iconic Air Jordan 1

Nike puts an accessibility twist on its iconic Air Jordan 1

View
Alphabet’s Wing starts drone deliveries to US homes

Alphabet’s Wing starts drone deliveries to US homes

View
Boeing messages hint staff may have misled FAA about 737 Max

Boeing messages hint staff may have misled FAA about 737 Max

View
Judge refuses to block the release of ‘The Laundromat’ on Netflix

Judge refuses to block the release of ‘The Laundromat’ on Netflix

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr