Previous Story
Android vulnerability needs ‘biggest ever’ security update to patch
Google says that bug fixes will be published to the Android Open Source Project at the same time that they’re released to devices.
Therefore Samsung is aiming to push out monthly over-the-air updates to its customers, a process that will require the cooperation of most of the world’s telco operators and carriers. The update with this fix is rolling out to Nexus devices now.
Starting today, Nexus 4, 5, 6, 7, 9, 10 and Nexus Player models are the select devices that will reportedly receive the Google security updates intended to protect them from vulnerabilities and issues. Other popular Android devices from manufacturers such as Samsung, HTC, LG and Sony will get the same protection against Stagefright sometime in August.
Each week, we compile all the major software updates to hit the ecosystem, including phones and tablets on U.S. carriers, unlocked phones, Android Wear smartwatches, and Android TV devices.
However, don’t just expect these updates to start showing up immediately.
Speaking at Black Hat 2015, Google’s lead engineer for Android Adrian Ludwig unveiled plans to send out a software update that will fix the vulnerability.
The Stagefright Bug is complicated to fix because there are many different versions of Android out there.
If your phone is vulnerable, the best course of action is to avoid opening any MMS attachments, especially from users you don’t know, until the manufacturer issues a patch.
“With the recent security issues, we have been rethinking the approach to getting security updates to our devices in a more timely manner”, said Dong Jin Koh, executive vice president of Samsung Electronics’ mobile research and development department. It’s in the process of working with Google on securing its Android hardware against the bug, but doesn’t have any announcements to make regarding the frequency of any ongoing security updates. Devices they sell have to be secure as long as subscribers are on that network. Smaller, less profitable device makers probably don’t have the resources to do monthly security updates at all.
