The Stagefright vulnerability has caused a major stir in Android circles. Both Google and Samsung have advised they will be working to release monthly security patches for devices in response to the major flaw. Nexus devices will begin receiving updates to fix the flaw from yesterday and fixes from other vendors are currently in testing – but Google has advised more is coming.
According to Tweakers.net who attended the BlackHat conference where the Stagefright vulnerability was being presented, noted that:
The list of devices includes:
| Samsung | HTC | Sony | LG | |
|---|---|---|---|---|
| Nexus 4 | Galaxy S6 | One M9 | Xperia Z4 | G4 |
| Nexus 5 | Galaxy S6 Edge | One M8 | Xperia Z3 | G3 |
| Nexus 6 | Galaxy S5 | One M7 | Xperia Z3 Compact | G2 |
| Nexus 7 (V2/2013) | Galaxy S4 | Xperoa Z2 | ||
| Nexus 9 | Galaxy S3 | |||
| Nexus 10 | Note 4 | |||
| Note 4 Edge | ||||
| Note 3 |
And Hundreds More…
For devices on carrier contracts, they will require testing before being released, a process which appears to be underway – at least on Telstra. We’ve reached out to Optus and Vodafone for more information on their update schedule for Stagefright updates.
I have a note 4 and it hasn’t received a software update yet. The lookout stagefright detector shows it’s still vulnerable.
I have already turned off MMS auto retrieve but that’s hardly the point.
Turn off autoplay in MMS and wait.
Jesus. This is a pretty bad flaw. :/