...manipulated media files watched using Android apps might still be a risk. Please use Sailfish OS apps.
But if you have any friends using Android devices, please warn them about this. Stagefright is a serious "remote code excution" bug, and on Android phones a simple MMS message received automatic can cause a problem to about 95% of Android phones out there.
But if you have any friends using Android devices, please warn them about this. Stagefright is a serious "remote code excution" bug, and on Android phones a simple MMS message received automatic can cause a problem to about 95% of Android phones out there.
Worried about Stagefright Android bug?
We're more than happy to share Jolla's QUICK answer, given in half an hour, about the effect of Stagefright on Sailfish OS devices like Jolla Phone:
Initial analysis is that SFOS is not directly affected by this vulnerability as the MMS'es are not received and handled by the aliendalvik.
Eventually we will patch the vulnerability in the aliendalvik when there's a patch available.[Answered by Jolla employee on the community portal TJC ]
Jolla Phone is not affected by MMS messages, as this part of the vulnerability takes place on Android when it handles MMS messages. All MMS messages are handled by Sailfish OS on Jolla Phone.
Still, Alien Dalvik (Android support) on Jolla might be vulnerable regarding other media files, among 950 000 000 other Androids running out there, so you shouldn't open for example videos from risky sources using an Android app on Jolla. Opening those with Sailfish OS players are not reported to include a risk.
When you warn your friends using Android phones, advice them to disable MMS auto-retrieval on their message settings, and also to avoid risky media file sources in the internet.
As this is not an Android blog, I just mention that this bug is for example capable of hijacking a microphone in most of Android phones. Please read more about this serious bug for example on this great article by Forbes
Share and Shout! Your friends might read it.
By:
Sources: Forbes, TJC
Published: 2015-07-27 22:52 UTC
Updated: 2015-08-06 14:00 UTC
And yet giving *me*, the user, root access is somehow "too dangerous"
ReplyDelete