Mozilla has patched a zero-day exploit in late revisions to Firefox 72 and version 68 of the Android web browser. In a security advisory, the company said that it was made aware of "targeted attacks in the wild abusing this flaw."Read More
Android Q Beta 2 brought with it a lot of new features, though it's not surprising that some stuff is being broken given that it is a beta. Google today announced a patch for Q Beta 2, and factory and OTA images are available for installation right now. OTAs will roll out within the next 24 hours.Read More
The Fortnite mobile beta is still limited to Samsung users and those that have received beta invitations. Since development on the title is a constant, it's no surprise to see a new patch rolling out today. The big news is that this patch brings with it voice chat for Android. You can also expect to find a new capture-the-flag mode called Getaway that will only be available for a limited time.Read More
One week ago, details about widespread vulnerabilities in modern processors became public. One variant, named 'Meltdown,' affected every modern Intel chip. Two other variants, collectively known as 'Spectre,' are known to affect chips from Intel, AMD, and ARM (at the very least). Most Google products are already protected against these threats, but now the company has made it easier to tell which Chromebooks are patched.Read More
Vulnerabilities. There's a new flavor of the week every few days and in this highly connected world, it's tough to keep up, whether it's for users who don't know which of their devices are vulnerable and have/haven't been patched or for companies who are scrambling to fix one bug only to see the next one around the corner.
The BlueBorne vulnerability affected Bluetooth devices and could be exploited by hackers to completely take over a device with Bluetooth just turned on, without pairing with it first. Android patched it in September, but it appears that Amazon Echo and Google Home devices were left vulnerable for a while.Read More
Root users should be universally familiar with Magisk, and yesterday both it and the associated Magisk Manager were updated to v14 and v5.3.0, respectively. There are a ton of changes, but the headlining features from these updates are improvements in Samsung device compatibility, a new beta channel for updates, and the ability to patch boot images without root. That last one is a biggie, as it'll let you install Magisk both without a custom recovery and without already being rooted.Read More
OnePlus is something of a darling among Android power users, shipping phones that can be bootloader unlocked without any special permissions or codes. But security researcher Roee Hay found that the OnePlus 3 (and the revised OnePlus 3T) are rather more open than was probably intended. With two native fastboot commands, Hay found he could install unverified boot images and disable the verified boot feature, all without actually unlocking the bootloader with the familiar user-accessible command. Which is, well, bad: it basically means anyone can run malicious code on the phone without resetting the user's data.Read More
Samsung has been diligent about releasing its security patch bulletin along with Google at the beginning of every month, but this month, it took the lead and published the details before even Google got around to doing so.
The report lists the different Android Security Bulletin patches issued by Google to AOSP, which are quite numerous this month. There are 9 critical patches, 26 high-severity ones, 9 moderate, and no low severity patches. As for Samsung's Vulnerabilities and Exposures, 4 new ones have been patched with this release, but the bulletin keeps two a secret probably as to not compromise any devices that might be unguarded and have not already or will not receive the security update.Read More
Google and the various major Android device vendors and carriers are scrambling to patch the recently-discovered Stagefright exploit, a weakness in Android's multimedia processing that can allow remote access via a simple MMS message. Google has already begun patching Nexus devices, and Samsung is working its way through its extensive product range starting with flagships. Yesterday Motorola released its plans to update its phones.
So which devices will get the fix? Basically everything Motorola has made since 2013, including carrier variants and DROID models for Verizon in the US. Here's the full list:
Some third-gen Moto G phones (released late last month) have been patched from launch, but others will need an over-the-air update.Read More
So you might have heard about the Stagefright vulnerability that was published yesterday. While there's no evidence of a widely-used hack, the potential for malicious MMS attacks via Android's built-in media handling system (which could theoretically affect the majority of Android devices currently in operation) is certainly cause for concern. As reported on our original post, Google has known about the vulnerability since April and has been working on patches to fix the problem.
We've received a statement attributed to a Google spokesperson [emphasis ours]:
This vulnerability was identified in a laboratory setting on older Android devices, and as far as we know, no one has been affected.