account arrowhead-down arrowhead-up cart mobile-menu search sm-bold-x x-skinny-rounded x-skinny arrowhead-right

Please help us improve our website

Take our customer survey to evaluate your visit.

It should only take a few minutes to answer five quick questions. Just click the Launch survey button at the end of your visit to begin.

cancel
Showing results for 
Search instead for 
Did you mean: 

Stagefright vulnerability found in most (all) Android phones

SOLVED
Message 21 of 118
Message 21 of 118

Re: Stagefright Fix? [Official Response Please]

I work as a CSR in a call center environment. I know what the foot soldiers will have been told, or not told, and I've used the pivots and dodges that will be used on me. I'll pass.

Phy
Forum Legend
Message 22 of 118
Message 22 of 118

Re: Stagefright Fix? [Official Response Please]

Umm. Ok, we'll just have to wait and see then.
Enthusiast
Message 23 of 118
Message 23 of 118

Re: Stagefright vulnerability found in most (all) Android phones

I got this reply in the email....

 

Dear Sony Xperia Customer,

Greetings from Sony Xperia support.

We value the importance of your concern.

In response to your query, we would like to inform you that Sony Mobile takes the security and privacy of customer data very seriously. We have received the patches from Google and are working on making them available within normal and regular software maintenance.
 
Work around to protect your phone:
 
1. Please recommend customers to disable MMS auto download
2. Go to “Messaging”, go to options (three dots) and chose “Settings”, uncheck the “MMS auto download”.
3. Recommend not to open MMS by unknown sender
 
They should be really working on them...i think...

 

Message 24 of 118
Message 24 of 118

Re: Stagefright vulnerability found in most (all) Android phones

Sony won't say whether or not the .570 update will contain a fix for Stagefright or not. The fact that someone was told (incorrectly) that it's Google's responsibility to resolve is ridiculous. The fix has already been pushed to the OEM's, it's up to all of them to push the patch, as we all know.

 

BTW, moving threads without the OP's consent or knowledge is very shady. The moderators on this site behave quite inappropriately. Apple doesn't treat its customers this way. 

Message 25 of 118
Message 25 of 118

Re: Stagefright vulnerability found in most (all) Android phones

Message 26 of 118
Message 26 of 118

Re: Stagefright vulnerability found in most (all) Android phones

Check if your  device is vulnerable to stagefright:

https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector#sthash.ZYeZK4xe.dpuf

 

Sony Xperia Z3 with Android 5.1.1 build 23.4.A.0.546 is vulnerable (as expected)

 

Workaround: Disabling of auto-retrieve MMS is a workaround for the case where MMS is used as attack vector but it is highly probable that there are other ways of sending media-files to the stagefright lib. 

 

Reference: https://twitter.com/zimperium/status/629057085544660992 

 

Patch status

Google has release a patch for Nexus devices and will release monthly OTA security patches for Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, and Nexus Player - well played Google!

 

Reference: http://officialandroid.blogspot.se/2015/08/an-update-to-nexus-devices.html

 

Samsung follows, also adopting monthly strategy.

 

Reference: http://global.samsungtomorrow.com/samsung-announces-an-android-security-update-process-to-ensure-tim...

 

Samsung Galaxy S6 patch verified:

http://support.sprint.com/support/article/Find-and-update-the-software-version-on-your-Samsung-Galax...yahooworry

 

Sonymobile: what is the status of a patch to remove this vulnerability? Exploits are reported to have been seen as part of exploit packs.

Enthusiast
Message 27 of 118
Message 27 of 118

Re: Stagefright vulnerability found in most (all) Android phones


SilentMajority wrote:

BTW, moving threads without the OP's consent or knowledge is very shady. The moderators on this site behave quite inappropriately. Apple doesn't treat its customers this way. 


It should be noted that, as an Xperia ZL owner, I posted this thread in the Xperia Z/ZL section. It was later moved to the Software and Updates. If I were a conspiracy theorist, I'd say that this could be the first step to indicate Sony is not planning on updating the older Z phones (Z,ZL,ZR,...). tongue 

 

 According to Google's Android lead Security engineer Adrian Ludwig, Xperia Z2, Z3, Z4 and Z3 Compact will be updated in August, see photo at: 

Source: http://tweakers.net/nieuws/104610/google-veel-android-apparaten-krijgen-snel-fix-voor-stagefright-bug.html (Dutch)

 

While the devices mentioned above will be among the first to receive the update, other devices could very well still follow later on.


Owner of an Xperia ZL. Experienced the IR Problem, TWICE
and even THRICE!
Message 28 of 118
Message 28 of 118

Re: Stagefright vulnerability found in most (all) Android phones

Great news! I'm hoping for an adoption to the newly established best-practice when it comes to mobile security - pushing monthly security patches OTA. A modern phone is compareable to a computer so it makes sense to adopt similar patching strategies. Patch Tuesday for phones?

 

(Not) Taking care of older devices has historically been an issue for the entire Android ecosystem. When it comes to security issues, it could be seen as a faulty device which should be repaired by the OEM? 

Regular
Message 29 of 118
Message 29 of 118

Re: Stagefright vulnerability found in most (all) Android phones


Bouvrie wrote:
According to Google's Android lead Security engineer Adrian Ludwig, Xperia Z2, Z3, Z4 and Z3 Compact will be updated in August, see photo at: 

 


Where was that photo taken from? Do you have a link you could share please?

One time poster
Message 30 of 118
Message 30 of 118

Re: Stagefright vulnerability found in most (all) Android phones

Will non-flagship Sony Xperia smartphones be getting these important security updates? Devices such as M4 Aqua and E4 and E4g.

 

It seems that at least Samsung is going to patch all devices currently on sale....