https://m.theregister.co.uk/2017/04/...x_kernel_flaw/
Posted via CB10
Printable View
https://m.theregister.co.uk/2017/04/...x_kernel_flaw/
Posted via CB10
Whatever helps you sleep at night, I guess.
Already received the patch.
There is a chance of rain tomorrow....
The Register is like the DailyMail of tech. Clickbait Kingdom.
Big Linux bug, low security concerns | ZDNet
As Alan Cox, senior Linux kernel developer and one of udp.c's programmers, remarked: "Not sure it's as exploitable as claimed." Linux security researcher Dan Rosenberg tweeted: "I have reviewed the relevant code and I mostly understand it, but I'm missing the security ramifications." And, Hagen Paul Pfeifer, a senior development expert for Network Protocol Software, put it more bluntly, "Fake news, fake bugs."
The bug also exists in Android and it was only fixed in Google April 2017's patch release. That said, I know of no major Android applications that use MSG_PEEK. It is, as mentioned on Ycomb, a very rarely used routine on any platform.
Last, but not least, it's common firewall practice to block UDP traffic.
This security hole appears to be much ado about nothing. It sounds bad, but the closer you look at it, the harder it is to find even an edge case where it might be exploited.
That said, you should always patch your systems and keep your eyes open for vulnerability news. Just because this udp.c bug turned out to be a soggy firework, doesn't mean that the next one won't explode on you.
We know you have to patch it if there is a patch... it keeps raining with android. Android fits in the same row as Adobe products.
Posted via CB10
Android has all the security you would ever need. Good passwords, sticking with Play Store, and safe browsing cover 99.9% of all threats.
I don't need luck, luck needs me! =)
I'm lucky all this time, I've got zero breach even without patches.
Sure theoretically. IF an exploit could be properly built to run well. IF it were able to be placed somewhere to hit a decent number of users. IF the changes it makes are such that Googles autoscanning of installed apps can't see it. If if if.
Net effect is likely nothing.
I have plenty of totally tech ignorant friends using Android and none of them have had any malware such as this hit them.
Not totally dismissing the threat. For sure in proper hands and against an specific target it could be used for all kinds of things.
Thanks.
Posted via Commodore 64
Thanks for another useless topic about something we do not have to worry about.
Same as every other "security threat" announcement.... Actually this one is the most anticlimactic I have ever seen. Congratulations!
Indeed.
You quite literally have to be looking for malware to get it on your Android, and even then, you have to jump through the many warnings advising you not to install that app to eventually get it on your phone. Lol.
It is entertaining reading thread after thread though of people trying to paint a picture of doom and gloom on Android with these sort of topics.
There are still millions of people using old Androids from 4-5years ago on Android 4.0 and even they have to try find this malware that us supposed to be infecting our phones and bringing us to our knees. [emoji23] 😂
Thanks. Clearly won't need it though..
Maybe you never actually read the article lol.So, in short, yes, there is a remote kernel-level code execution vulnerability in Linux, which sounds like the worst of the very worst, but it is pretty much patched by now – and it appears to be tricky if not impossible to realistically exploit.
agree with all, patched is nolonger an issue, even the fault is most likely not explored. however, it is striking to see the software chaps got programmed way back in early Microsoft days that Bug, is part of software,everybody have to tolerated, routinely patched... (saw once at way back of bug list at some software, scary long and complicated... if legacy program is out there... re-use suppose be a good thing, but with bug, major pain... ). I don't think customer cut a slack for hardware like this... (just look the out cry for apple sent out a ring for the grip gate... those chaps almost take two bites out the apple instead of one).
Keep laughing. The most effective 'malware' is undetectable and willingly installed under whatever pretext gets this accomplished.
Well for sure there are morons with remote management of their home IoT devices/routers, etc. enabled with weak passwords set.
You just can't help those types. No matter what tech they use.
IT security is like real world security. Some percentage of people leave their cars unlocked and iPhone on the passenger's seat as they run into the grocery store, and thus can not be helped period.
I will keep laughing, until the day I am actually shown something that can literally get itself into my phone and cause real damage, instead of these countless malware reports that talk about malware that I'd have to hunt for to get into my phone.
Yeah good point. Google are a bunch of idiots for working on these stupid security patches. What a waste of time. Lol.
Oh dear, no, the idiots are the ones trying to scare Android users with malware that requires jumping through hoops to get.
If malicious malware was rampant and robbing people of their money and identity, it would be all over the news and tech blogs. Most of these threats are not worrisome.
I think it is funny since many trashing Android probably have a Windows computer at home. But that isn't a problem???
Posted via CB10
Nothing new, I'm in Seattle!:rotfl:
BB10 fanboys at their finest... in sourgraping! :)
It's raining in UB now.