'Millions' of Android mobes vulnerable to new Stagefright exploit

Re: Pretty easy to get people to visit a 'hacker' website

And, suddenly I don't feel a bit bad about having rooted my Device, just to have been able to install AdAway onto it.

Re: Millions of unpatched Android mobes vulnerable to Stagefright exploit

I would actually be surprised if the worldwide percent of all android devices patched even today is double digit.

in their defense.

Well problems like this get patched very quickly on newish Nexus devices. The Google spying well that is a very basic design feature.

"because they seek to associate Microsoft with "security" (which is why they're insulting)"

FYI - there has been zero malware, and zero critical vulnerabilities across all versions of Windows Phone to date.

Iphones are nearly as bad as Android too - see http://www.theregister.co.uk/2016/03/16/acedeceiver_ios_malware/

Re: Hmmmm...

RIF

"also important to note that the victim doesn't have to press play on a rigged MPEG4 video file, because the bug is triggered when the web browser simply fetches and parses the file upon first seeing it."

Re: Hmmmm...

>That video had better be something people *really* want to see.

Grrr why won't my phone play ParisHiltonBareBack.mp4. I'll try a few more times.

Re: Cyanogenmod time

Go to xda developers and read the thread for your particular phone, to find a ROM and see if it is both up to date and stable.

Pros : may get later code, possibly more secure

Cons : could be less stable, as CM does not necessarily have access to all documentation and resources the manufacturer has. May lack specialist functionality (i.e. my previous phone when moved to CM drops FM Radio, HDMI support, and the camera support is not as good. It was worth it considering the manufacturer ROM stops at ICS, whereas CM is currently up to Lollipop..)

Re: Cyanogenmod time

Short answer: Yes, you will get the AOSP fixes in the Nexus monthlies fairly quickly.

Long answer: You will need to be running nightlies for this to happen quickly. There are all sorts of warnings about nightlies not being production ready but, IME, nightlies are about as stable as the old ZTE Blade releases were back in the day. Or build from source, but that's a whole other learning curve, not least of which is where to get the proprietary bits from before you're actually running CM.

Good choice of handset in the Moto X. The Motos in general seem to become stable fairly quickly, even in comparison to some handsets (Wileyfox, I'm looking at you) that have official CyanogenOS support.

If you go with CM13, you may come up against an issue installing OpenGapps with the CM13 recovery. The workaround is to use a CM12.1 recovery booted through fastboot to apply Gapps or search for a bundledawk version of the Gapps zip.

Re: Cyanogenmod time

Better to brick it finding Cyanogenmod won't load than to be running a easily compromised device.

If it bricks, replace it with something supported by Cyanogenmod for that inevitable point in time when the manufacturer quits supplying Android updates.

Re: Cyanogenmod time

you have the bug fixes. Moto push them just fine. I suspect your patches will be on 5.1, but they are still patches that work. Or did you hope patches meant free OS upgrade for an old phone?????

Re: Already in the wild

Not true. It's a fake OS update that is nothing to do with this. The same sites deliver fake iOS and fake windows updates notices depending on your user agent.

No vulnerability here,just JavaScript and idiot users, it will try and give you an apk on Android (if you have untrusted sources switched on), or an EXE on windows (that is unsigned).

I don't know about the worst, but they're certainly not providing any for my phone (SCH-I927 Captivate Glide, which I bought because it has a physical qwerty keyboard).

No OTA updates are available either, because I'm on an AT&T-hosted MVNO.

With a refurbished grey-market phone and an MVNO, though, I wasn't expecting any updates from anyone. On the other hand, the phone was only around $100 and came unlocked and rooted, and I pay less than half of what my wife pays AT&T for a similar level of service (aside from off-network roaming - but my SIM card is replaceable).

On the whole, I'm willing to forego updates in exchange for a device with the features I want (physical keyboard, SD card slot, removable SIM, removable battery), which I have full control over, at a much lower price and no contract. But then that's why I won't pay a lot of money for a phone in the first place - flagship features be damned.