CVE-2021-1048 Critical Zero-Day exploit. Patches available from Google

Can’t we all just get along?

And of course we all support sustainable technology. Right?

So we should support the notion of our favourite sustainable technology provider being widely used. To get there we need the certification, and to get the certification we need timely security updates.

We’re all on the same side here. This is what’s required to achieve our shared goals.

6 Likes

Not going to happen. Pretty much every monthly patch from Google contains critical patches. The only way to make sure that you receive those in a timely manner is to buy a Pixel phone (or a recent Galaxy S, Samsung is also pretty quick these days).

Fairphone for example has (at least to the best of my knowledge) outsourced its OS development to its main assemlby partner in Taiwan. So they cannot even directly control the availability of OS patches AFAIK.

Best wishes,
Thomas

2 Likes

Looks like the required update is available for the FP2 now!

5 Likes

Just wondering if authors here have read

and more

What makes you think that update is related?

Well… since I can’t just post a quote, here’s a sentence too!

1 Like

Thanks.

It was the link. I just looked at the post. You could go back and edit the link to remove the 3 at the end :slight_smile:

It may be that the FOS A9 which is an in-house build, doesn’t require the same google certification, hence can be rolled out once the update has been accomplished.

The usual 500,000 tests google demand might therefore not be needed.

For what it’s worth, the corresponding topic in the Beta category mentioned "fixes required for Google approval" prior to public release, so even if the process might not be entirely the same, they don’t seem to get around Google’s OK :wink: .

1 Like

each “official” Android OS has to go through google certification (therefore custom ROM updates can be published more often and faster). However for the FP2 there is no Network provider related rollout and that seem to make it a lot easier and its therefore also directly available to everyone.

4 Likes

Hi everyone. Thanks @Mark_Jaroski for flagging this. Our team is already aware. The build is ready and we are starting the cycle certification process. I’ll keep you all updated once we have more info to share.

6 Likes

Thank you @rae . I got the update yesterday.

@Mark_/Jaroski Just curious about this update you have. What update is that/this?

Rae’s post was only yesterday I would doubt it’s available today. Are you confusing it with the FP3 A0132 update (security patch 5th Nov) or is there some idea it contained the 1048 patch?

or is this about the FP2 ???

My understanding was that it was in the 5 Nov security patch.

1 Like

I thought that too, so I wonder why on 18th Nov Rae posted that, maybe there was some delay in sending the post??

1 Like

Hi @Rae is this 1048 patch separate from the A1032 as your post is after the push of the A1032 and you say you are starting the certification process on the 18th Nov?

Chiming in here, CVE-2021-1048 is part of the 2021-11-06 patch level (https://source.android.com/security/bulletin/2021-11-01#2021-11-06-security-patch-level-vulnerability-details) so it’s not included in the 2021-11-05 patch level that the recent update has.

7 Likes

OK. Thank you @lucaweiss .

Just a note that this software update went live yesterday. :slight_smile:

4 Likes

More than just a security patch, :yum: people will be expecting more quick updates :christmas_tree:

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.