Stagefright - Still Vulnerable
cgtracy
Enthusiast - Level 1

In October, VZW released a Stagefright patch for the Droid Turbo (23.21.44 Build Number SU4TL-44).  This was 2 months after Motorola (now Moto by Lenovo) announced their release of a patch for all models.

According to the Zimperium Stagefright Detector and SecureNow VTS for Android apps, my device is still vulnerable to the following, most of which are still Stagefright:


CVE-2015-6602 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6602

CVE-2015-1538-1 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1538

CVE-2015-1538-2 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1538

CVE-2015-1538-3 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1538

CVE-2015-1538-4 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1538

CVE-2015-6575 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6575

CVE-2015-6616 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6616

CVE-2015-6608 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6608

I have two questions for Verizon, should anyone working for the company be reading this:

1) When will Verizon release the security patch for this model that will address these vulnerabilities?  The fixes for these have already been released for other manufacturers devices (Samsung) but not for the Turbo.

2) Does Verizon have plans to release regular security updates (per Google's example) as other carriers/manufacturers have already done?

The issue of security is not one that only affects users.  Any users connected to and using Verizon's wireless data network have the potential to impact the security of the entire network.

Labels (2)
0 Replies