FYI: German Telekom has temporarily disabled reception of MMS. Users instead get a SMS informing them that a MMS has not been delivered.
As reported by Heise (german only, AFAICT)
any news when the fix will be released?
All the details about the vulnerability are public since some time now so we should assume that the first exploits are in the wild right now.
Forgotten to mention this blog post from Zimperium which contains two archives with POC files and patches.
Hi all, sorry for the wait.
Latest news (6 August):
The software team has a fix for the security issues under discussion, ie the Stagefright bug. They are working on a build and testing it now. We have to balance getting this update out as soon as possible, and having a reliable support infrastructure for all users. So we’re going to release it in two stages.
For advanced users, next week we plan to have a .zip file to download the fix manually through our support site.
For all users, the current schedule is that the week after next to release the software update with the fix over-the-air over Wi-Fi.
Thanks for your patience as we get this out. It’s a security issue we take seriously and want to deliver it to all Fairphone owners ASAP.
Could you please include the FireFox scrolling fix in it?
The touchscreen fix will be indeed be included. So hopefully no more touch glitches when using FF.
I hope that you will be able to improve you release process/infrastructure with Fairphone 2. It should always be possible to include a bugfix in a stable release, so required testing is limited. Maybe you have something like that already? I would be interested to learn more about how you test and publish software updates. Another topic for a blog?
The two-stage process seems very reasonable to me. And I also have the impression that, 'if* everything works out, the Fairphone will be one of the earlier devices to receive the fix.
We’re getting an update. Yay!
My gf is now worried about her 1.5 yrs old Samsung Galaxy S4 mini. It runs KitKat, but that’s all there is to say about it. I’d trade Android 4.4 for security updates like these any day!
waiting for the fix I have another possible solution: AFWall+.
Some days ago I received an MMS but wasn’t able to download it and I discovered I had an active profile in which the Messaging app was blocked, after enabling it I was able to download the MMS so this could be an alternative solution, I suppose
Great work! Really like the idea that advanced users can install the fix manually. This way we will also be able to provide feedback on the fix in an early stage.
Like @ben said I think that the Fairphone will be one of the earlier devices that receives the fix.
4 posts were split to a new topic: Phone constantly in safe mode (stagefright?)
any news when the download link will be available?
Some of us in the beta release has an update pushed out but it breaks root access we think, so we’ve set the FP software team back on the case.
No update from them on this as yet though…
The software update (manual installation) with the fix to the Stagefright bug is now available. An update for all owners will be released over Wi-Fi next week.
We’re on schedule to publish the manual update by end of today. I’ll post here when it’s published.
**Original post: 13.15
The aim is to have the manual update ready today, Thursday 13 August, to put in a support article. But we cannot guarantee that. I’ll be posting here later in the afternoon on news. Thanks for your patience!
I just downloaded and installed the software update. Everything went fine, the stagefright-detecor-app said “not vulnerable”.Thank you very much!
I also have downloaded and installed the software update without any problem.
Installed the update too and the Zimperium app showed “Not vulnerable”.
Thanks to the team for the swift action!
However I did see a very recent article on tweakers.net (Dutch techsite) about the fact that the original Android patch is not sufficient and Google is working on a second patch. Let’s keep our fingers crossed that it won’t be necessary for the Fairphone to provide a second path. I don’t know if the Fairphone patch is purely based on the Google patch or is different (and better hopefully ).
Update runs without problems for me, too. Unfortunately I cannot run the stagefright detector tests because I don’t use the Google Playstore.
Great Work Team!
I updated the title