<div class="bbWrapper">Installed the security update above this morning without issue and since it only specified as a security patch, I "assumed" it was the long awaited Stagefright vulnerability fix. After a couple of reboots I ran two different Stagefright detectors and both failed. So, either the two detectors are both flawed or, the OTA update is for other vulnerabilities. I would be hesitant to trust that the Stagefright risk is corrected until we see an actual changelog of what's in 23.21.44.</div>
DroidForums.net | Android Forum & News
This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!
Security Patch 23.21.44
- Thread starter D._Manley
- Start date
CaptainAmerica
Senior Member
<div class="bbWrapper">Yep, me too. I run again Lookout Stagefrigth Detector after the update and it still reports vulnerability. Go figure. Keeping MMS auto-retrieval off...</div>
<div class="bbWrapper">Received the download for this update this afternoon. Only 30MB and just said security patch. Update was uneventful which I'd say is a good thing in this case. <script class="js-extraPhrases" type="application/json">
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
</script>
<div class="bbImageWrapper js-lbImage" title="TurboUpdate_2015-10-10a.png"
data-src="https://www.droidforums.net/attachments/turboupdate_2015-10-10a-png.75607/" data-lb-sidebar-href="" data-lb-caption-extra-html="" data-single-image="1">
<img src="https://www.droidforums.net/attachments/turboupdate_2015-10-10a-png.75607/"
data-url=""
class="bbImage"
data-zoom-target="1"
style=""
alt="TurboUpdate_2015-10-10a.png"
title="TurboUpdate_2015-10-10a.png"
width="1440" height="2560" loading="lazy" />
</div> <div class="bbImageWrapper js-lbImage" title="TurboUpdate_2015-10-10b.png"
data-src="https://www.droidforums.net/attachments/turboupdate_2015-10-10b-png.75608/" data-lb-sidebar-href="" data-lb-caption-extra-html="" data-single-image="1">
<img src="https://www.droidforums.net/attachments/turboupdate_2015-10-10b-png.75608/"
data-url=""
class="bbImage"
data-zoom-target="1"
style=""
alt="TurboUpdate_2015-10-10b.png"
title="TurboUpdate_2015-10-10b.png"
width="1440" height="2560" loading="lazy" />
</div></div>
Sajo
Diamond Member
<div class="bbWrapper"><blockquote data-attributes="member: 200555" data-quote="k1ngr4t" data-source="post: 2652682"
class="bbCodeBlock bbCodeBlock--expandable bbCodeBlock--quote js-expandWatch">
<div class="bbCodeBlock-title">
<a href="/goto/post?id=2652682"
class="bbCodeBlock-sourceJump"
rel="nofollow"
data-xf-click="attribution"
data-content-selector="#post-2652682">k1ngr4t said:</a>
</div>
<div class="bbCodeBlock-content">
<div class="bbCodeBlock-expandContent js-expandContent ">
Sorry I've been inactive for awhile. I also got the update, but what is the Stagefright vulnerability?
</div>
<div class="bbCodeBlock-expandLink js-expandLink"><a role="button" tabindex="0">Click to expand...</a></div>
</div>
</blockquote><br />
Here is how I understand it (in laymen's terms). Some security company found a vulnerability in Android that if a hacker sent you a malicious picture in a text (MMS message) that had a very specific code in it, they could maybe take control of your phone and you would not know it. So...they would have to know how to write this malicious code, embed it into a picture, know your specific phone number and send it to you as a MMS text. Then....if you opened the text and viewed the pic...they could maybe take control of your phone. The whole thing was way overblown by the tech media in my opinion. It was not some virus just being spread around the world...it was very specific and apparently no one has ever been hacked using this method. But people freaked out and whined and cried because their phones didn't have the "patch". The company that found the vulnerability then made an app that you can check to see if your phone is patched or not...and if not the app will take you to their website to buy their products. Brilliant! That's not fishy at all? Oh..and now they have mysteriously found a new vulnerability that is similar to the first but it involves texting you a malicious audio file. How convenient that as many phones get the patch...they find another vulnerability...so now we all need another patch...according to them. I still think the whole think was blown way out of proportion & they made a ton of money out of it. But that's just me.</div>
bigbadwulff
Member
<div class="bbWrapper">So now we receive videos with stage fright label or whatever it is and have to mess with that now. <br />
<br />
Sent from my XT1254 using Tapatalk</div>
Sajo
Diamond Member
<div class="bbWrapper">Possibly. If the hacker knows how to embed the code into the file and then if they know your specific phone number and if they send you the malicious file. For me....that's too many if's to worry about.<br />
<br />
Sent from my XT1254 using Tapatalk</div>
