Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug (www.securityweek.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 02 Jul 2024 17:07
https://sh.itjust.works/post/21690044

#cybersecurity

threaded - newest

nevemsenki@lemmy.world on 02 Jul 2024 19:54 collapse

Great news, especially for the 8% of Android users who actually receive updates.

01189998819991197253@infosec.pub on 03 Jul 2024 02:26 next collapse

Is it that high? Not even joking. I was always under the impression that it was much lower, and that many of those that are still receiving updates won’t update (old habits from when updating android could brick your device).

nevemsenki@lemmy.world on 03 Jul 2024 05:14 collapse

I don’t know. According to this : statista.com/…/mobile-android-version-share-world… android version 13 and 14 account for almost half the device versions, and those usually have forced auto update and also recent enough to be getting updates in theory…

01189998819991197253@infosec.pub on 03 Jul 2024 19:13 collapse

But if the manufacturers don’t then update their custom bits, the updates don’t make it to the phones. Right? Or is that not a thing anymore?

nevemsenki@lemmy.world on 03 Jul 2024 20:08 collapse

That is a difficult topic. Google did take steps to mitigate issues there. Android got Hardware Abstraction Layer to prevent blobs from blocking updates ; also, a lot of updates were moved from AOSP to the Play Service, so Google can more easily roll them out. (And to make AOSP and 3rd party roms less of a threat, eh.)

Edit : that said, most android phones have woefully short support period.

01189998819991197253@infosec.pub on 04 Jul 2024 00:53 collapse

It is a difficult topic, but one worth discussing I think. Cellphone security used to be an afterthought, at best. Google (and some rom maintainers) have done an amazing job at improving overall security. They have a long way still to go (such as forcing manufacturers to a certain level support), but what they’ve done thus far is commendable.

jenny_ball@lemmy.world on 04 Jul 2024 03:14 collapse

don’t pixels and Samsungs get updates every month?

nevemsenki@lemmy.world on 04 Jul 2024 19:56 collapse

I have an S23, it’s definitely not every month. Last update package is currently dated 1st of may.