back to article Huge double boxset of Android patches lands after Qualcomm disk encryption blown open

Google has released two bundles of Android security patches this month: a smaller one to handle bugs in the operating system, and a larger package that tackles a raft of driver-level issues, particularly with Qualcomm's hardware. The first tranche of patches includes eight critical, 11 high severity, and nine fixes that are …

  1. Anonymous Coward
    Anonymous Coward

    Impressive..

    .. based on a *nix, but as shaky as Windows. No wonder Google and MS want to work together.

    1. Anonymous Coward
      Anonymous Coward

      Re: Impressive..

      I guess we shouldn't have laughed at the BB fanbois even with their butt ugly 2004ish phones.

      1. Kurt Meyer

        Re: Impressive..

        @ AC

        Some say Blackberrys are very nice looking, and the difference in operating systems is vast, at least in terms of security.

        There are many contenders for the title of worst OS in history, but Android must surely be among them.

        1. Anonymous Coward
          Anonymous Coward

          Re: Impressive..

          >Some say Blackberrys are very nice looking

          Uh no.

          >There are many contenders for the title of worst OS in history,

          Classical Mac OS at end of the 90s immediately comes to mind.

          1. Anonymous Coward
            Anonymous Coward

            Re: Impressive..

            Yes, OS 9 was butt ugly. And the "cute" sound pretty quickly got on my nerves too.

            Unfortunately, Cable & Wireless were using them so it was impossible to avoid. Ugh. It's the main reason it took something like 10 years before I came near a Mac again (and not by choice) but OS X was so much better that I dumped Windows. Not *quite* the expected result at the time, but it was worth making the switch.

        2. Planty Bronze badge
          FAIL

          Re: Impressive..

          Ironically no. iOS had WAY more CVE's than Android last year.

          Don't confused open with insecure..

          Android is opensource and fixes are talked about in open, iOS is the exact opposite...

          1. Anonymous Coward
            Anonymous Coward

            Re: Impressive..

            Have yet though to see anything that can root iOS with a single mms. That one showed open source or not, Android security was bolted on after the fact, not designed in. WordPress is open source too and well its security record speaks for itself.

  2. NanoMeter

    Everything is just

    one big vulnerability. Time to become a luddite?

    1. bazza Silver badge

      Re: Everything is just

      You may decide to become a luddite, but unfortunately unless the entire rest of the world (your bank, the shops, the power company, etc) follow then you'd be just as vulnerable. And you'd only know about the End of Civilisation As We Know It after it's happened. At least the rest of us would get a Tweet or something to warn us...

    2. Ugotta B. Kiddingme

      Re: Everything is just

      yep, soup cans and string at the ready!

    3. big_D Silver badge

      Re: Everything is just

      The only safe computer is one embedded in a block of concrete, in a locked room, with no power...

  3. Anonymous Coward
    Anonymous Coward

    I won't hold my breath for my huawei phone to be updated...

    1. Anonymous Coward
      Anonymous Coward

      More chance of that happening than landfill Samsung.

      1. Jeffrey Nonken Silver badge

        Galaxy s4 here running cm13, so I'll probably have the patches soonish. Not for the average user, though, for sure. And a damned shame, this is actually a pretty decent phone.

  4. Dan Melluish

    Great news!

    Cool, i'll look forward to getting these patches on my phone so it's all safe and secure. Hah! Nah, only joking.

  5. JeffyPoooh Silver badge
    Pint

    Harvard Architecture rules, von Neumann Architecture drools

    I *told* you that it was a better Turing machine architecture to keep the Program Store and Data Store separate. But *no*....you listened to von Neumann and let instructions and data share the same memory space. "Mercury is expensive, delay lines aren't cheap", you said. But I *warned* you. Now look at the mess you've made. Data getting into the executable instructions. Damn fools!

    ;-)

  6. LINCARD1000
    Flame

    [expletive deleted]ing Samsung [expletive deleted]unts.

  7. Nate Amsden Silver badge

    question on google nexus

    I think I know the answer but would like to know anyway.

    If a user is using a nexus on android 4.4.4 which is still supported from what I see would they get security patches for 4.4.4 or would their only option be to upgrade to 5 or whatever the latest supported build for that device is (assuming it is newer than 4.4.4).

    I assume the user would be forced to the newer build. But maybe that is not correct.

    1. fuzzie

      Re: question on google nexus

      I believe you're correct, yes. OEMs tend to only patch against their most recent release.

      If your OEM's released 5 and you elected to stay on 4.4 because 5 is not working for you, you're a bit up the creek deciding between a working device or a patched device.

    2. Dan Melluish

      Re: question on google nexus

      I sort of remember (from my Nexus 4 days) that only the latest build gets patched. I was using KitKat when the StageFright patch was released and it was only added to Lollipop (when the Nexus 4 version was still really buggy). I guess the situation is still the same. And, i suppose it makes sense too.

    3. Anonymous Coward
      Anonymous Coward

      Re: question on google nexus

      You are incorrect. Google release patches for 4.4, 5.0, 5.1 and 6

      so your phone vendor is likely to update your phone to the same OS it's on. This is why some stupid users believe they don't get patches, as they seem to have been lead to believe patches mean a big OS version bump. It doesn't....

      Security patches are much easier to test and rollout.

  8. PassiveSmoking

    Pass on the updates to their customers

    "Meanwhile, Google is issuing a second string of patches that aren't going on general release: they'll be pushed out to Nexus owners and to hardware manufacturers who are expected to then pass on the updates to their customers."

    Hahahahahaaa! Oh that's a good one. Especially if you own a Samsung device.

  9. Walter Bishop Silver badge
    Linux

    Mobile phone patches lands after computer disk encryption blown open.

    I've fixed the title for you, so as no one could guess the Operating System. Isn't it possible for these phones to come with a hardware switch that rendered the kernel read-only?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019