Security Patch 23.21.44

[D._Manley]

Installed the security update above this morning without issue and since it only specified as a security patch, I "assumed" it was the long awaited Stagefright vulnerability fix. After a couple of reboots I ran two different Stagefright detectors and both failed. So, either the two detectors are both flawed or, the OTA update is for other vulnerabilities. I would be hesitant to trust that the Stagefright risk is corrected until we see an actual changelog of what's in 23.21.44.

 

[CaptainAmerica]

Yep, me too. I run again Lookout Stagefrigth Detector after the update and it still reports vulnerability. Go figure. Keeping MMS auto-retrieval off...

 

[k1ngr4t]

Sorry I've been inactive for awhile. I also got the update, but what is the Stagefright vulnerability?

 

[TripL]

Received the download for this update this afternoon. Only 30MB and just said security patch. Update was uneventful which I'd say is a good thing in this case.

 

[Sajo]

Sorry I've been inactive for awhile. I also got the update, but what is the Stagefright vulnerability?

Here is how I understand it (in laymen's terms). Some security company found a vulnerability in Android that if a hacker sent you a malicious picture in a text (MMS message) that had a very specific code in it, they could maybe take control of your phone and you would not know it. So...they would have to know how to write this malicious code, embed it into a picture, know your specific phone number and send it to you as a MMS text. Then....if you opened the text and viewed the pic...they could maybe take control of your phone. The whole thing was way overblown by the tech media in my opinion. It was not some virus just being spread around the world...it was very specific and apparently no one has ever been hacked using this method. But people freaked out and whined and cried because their phones didn't have the "patch". The company that found the vulnerability then made an app that you can check to see if your phone is patched or not...and if not the app will take you to their website to buy their products. Brilliant! That's not fishy at all? Oh..and now they have mysteriously found a new vulnerability that is similar to the first but it involves texting you a malicious audio file. How convenient that as many phones get the patch...they find another vulnerability...so now we all need another patch...according to them. I still think the whole think was blown way out of proportion & they made a ton of money out of it. But that's just me.

 

[bigbadwulff]

So now we receive videos with stage fright label or whatever it is and have to mess with that now.

Sent from my XT1254 using Tapatalk

 

[Sajo]

Possibly. If the hacker knows how to embed the code into the file and then if they know your specific phone number and if they send you the malicious file. For me....that's too many if's to worry about.

Sent from my XT1254 using Tapatalk