The researcher didn’t just find the vulnerabilities, but actually created the necessary patches and
shared them with Google in April and early May. The company took the issues very seriously and applied the
patches to its internal Android code base within 48 hours, he said.
That code gets shared in advance with device manufacturers that are in the Android partnership program,
before it’s released publicly as part of the Android Open Source Project (AOSP).
Unfortunately, due to the generally slow pace of Android updates, over 95 percent of Android devices are
still affected, Drake estimates.
Even among Google’s Nexus line of devices, which typically get patches faster than those from other manufacturers, only the Nexus 6 has received some of the fixes so far, the researcher said.
これはいい機会 (スコア:0)
どのメーカーが個人情報の管理を任せるに値する信頼性があるかどうか判断する絶好の機会。
・発売2年未満なのにパッチが配布されない機種がある=>論外
・発売4年未満なのにパッチが配布されない。OR 配布まで1ヶ月以上の機種がある=>避けるべきメーカー
・発売4年未満の全機種が1週間以内=>許容範囲
さて、次に買い換えるときの候補にできるメーカーはあるかな?
何処かの消費者団体か調査してくれるといいんだが。
Re: (スコア:0)
Most Android phones can be hacked with a simple MMS message or multimedia file [pcworld.com]
The researcher didn’t just find the vulnerabilities, but actually created the necessary patches and
shared them with Google in April and early May. The company took the issues very seriously and applied the
patches to its internal Android code base within 48 hours, he said.
That code gets shared in advance with device manufacturers that are in the Android partnership program,
before it’s released publicly as part of the Android Open Source Project (AOSP).
Unfortunately, due to the generally slow pace of Android updates, over 95 percent of Android devices are
still affected, Drake estimates.
Even among Google’s Nexus line of devices, which typically get patches faster than those
from other manufacturers, only the Nexus 6 has received some of the fixes so far, the researcher said.
というわけで、脆弱性は4月にGoogleに通知され、5月の頭にはGoogle内部で対策パッチが用意されていました。
Android端末全メーカーに脆弱性情報とパッチが提示されたのはいつか分かりませんが、少なくともGoogleは「論外」の範疇のようです
Re:これはいい機会 (スコア:0)
CodeRedみたくなって、携帯ネットワークが落ちてから初めて重い腰を上げるんですかねぇ?
# と、Googleへイヤミの一つも言いたくなるわ。
Re: (スコア:0)
「シェー!」ですか?
Re: (スコア:0)
理論上は、端末の権限管理 [itmedia.co.jp]によっては、感染端末の連絡先を抜き取ってウイルスMMSをばら撒くウイルスも考えられるのか。厄介だな…。