One week ago, details about widespread vulnerabilities in modern processors became public. One variant, named 'Meltdown,' affected every modern Intel chip. Two other variants, collectively known as 'Spectre,' are known to affect chips from Intel, AMD, and ARM (at the very least). Most Google products are already protected against these threats, but now the company has made it easier to tell which Chromebooks are patched.
Vulnerabilities. There's a new flavor of the week every few days and in this highly connected world, it's tough to keep up, whether it's for users who don't know which of their devices are vulnerable and have/haven't been patched or for companies who are scrambling to fix one bug only to see the next one around the corner.
The BlueBorne vulnerability affected Bluetooth devices and could be exploited by hackers to completely take over a device with Bluetooth just turned on, without pairing with it first. Android patched it in September, but it appears that Amazon Echo and Google Home devices were left vulnerable for a while.
Root users should be universally familiar with Magisk, and yesterday both it and the associated Magisk Manager were updated to v14 and v5.3.0, respectively. There are a ton of changes, but the headlining features from these updates are improvements in Samsung device compatibility, a new beta channel for updates, and the ability to patch boot images without root. That last one is a biggie, as it'll let you install Magisk both without a custom recovery and without already being rooted.
OnePlus is something of a darling among Android power users, shipping phones that can be bootloader unlocked without any special permissions or codes. But security researcher Roee Hay found that the OnePlus 3 (and the revised OnePlus 3T) are rather more open than was probably intended. With two native fastboot commands, Hay found he could install unverified boot images and disable the verified boot feature, all without actually unlocking the bootloader with the familiar user-accessible command. Which is, well, bad: it basically means anyone can run malicious code on the phone without resetting the user's data.
Samsung has been diligent about releasing its security patch bulletin along with Google at the beginning of every month, but this month, it took the lead and published the details before even Google got around to doing so.
The report lists the different Android Security Bulletin patches issued by Google to AOSP, which are quite numerous this month. There are 9 critical patches, 26 high-severity ones, 9 moderate, and no low-severity patches. As for Samsung's Vulnerabilities and Exposures, 4 new ones have been patched with this release, but the bulletin keeps two of them secret, probably so as not to compromise devices that have not yet received, or will never receive, the security update.
Google and the various major Android device vendors and carriers are scrambling to patch the recently-discovered Stagefright exploit, a weakness in Android's multimedia processing that can allow remote access via a simple MMS message. Google has already begun patching Nexus devices, and Samsung is working its way through its extensive product range starting with flagships. Yesterday Motorola released its plans to update its phones.
So which devices will get the fix? Basically everything Motorola has made since 2013, including carrier variants and DROID models for Verizon in the US. Here's the full list:
- Moto X Style (patched from launch)
- Moto X Play (patched from launch)
- Moto X (1st Gen, 2nd Gen)
- Moto X Pro
- Moto Maxx/Turbo
- Moto G (1st Gen, 2nd Gen, 3rd Gen)
- Moto G with 4G LTE (1st Gen, 2nd Gen)
- Moto E (1st Gen, 2nd Gen)
- Moto E with 4G LTE (2nd Gen)
- DROID Turbo
- DROID Ultra/Mini/Maxx
Some third-gen Moto G phones (released late last month) have been patched from launch, but others will need an over-the-air update.
So you might have heard about the Stagefright vulnerability that was published yesterday. While there's no evidence of a widely-used hack, the potential for malicious MMS attacks via Android's built-in media handling system (which could theoretically affect the majority of Android devices currently in operation) is certainly cause for concern. As reported in our original post, Google has known about the vulnerability since April and has been working on patches to fix the problem.
We've received a statement attributed to a Google spokesperson [emphasis ours]:
This vulnerability was identified in a laboratory setting on older Android devices, and as far as we know, no one has been affected.
While the experience isn't felt across the board, many OnePlus One owners have been plagued by touchscreen issues since making the decision to never settle. As a result, the company has pushed out update after update aimed at alleviating an issue that seems to have a tendency to resurface.
Now it has released another one, OxygenOS version 1.01. A link to download the firmware is available directly inside the announcement. The forum post doesn't contain a changelog, but it does mention "a patch for the touchscreen issue."
There's also a tool available for folks who have not yet installed OxygenOS that should let them flash the latest version directly from CyanogenMod 11 or 12 without data loss.
Sprint is rolling out an over-the-air update to customers who own a Galaxy Note II that applies a security patch or two from Google. What vulnerability this update addresses isn't detailed, but it's the first OTA Sprint has sent out since the big KitKat update last May.
Once the goods arrive, they will leave your Note II running software version L900VPUCNK2. There's nothing else on the changelog, so don't go digging around looking for anything exciting.
You can check for the update manually, but do so knowing that you're making your phone just a little bit safer. Don't do it because it's fun.
Blue Spark Technologies has introduced a new wearable device at CES, but it's not a smart watch or a fitness band or even a VR headset. It's a single-use skin patch called TempTraq that connects to your Android (or iOS) phone to track body temperature.
Blue Spark pitches the patch to parents with sick progeny, though it could conceivably be used on or by anyone. The patch affixes to the body under the arm, and transmits temperature information over Bluetooth to its dedicated app.