Fairphone patch for the Stagefright vulnerability

Chris_R · August 5, 2015, 7:40pm

See post 12 from @keesj, I’m sure he will update us in due course when there is more to say.

martinv2 · August 6, 2015, 2:34am

FYI: German Telekom has temporarily disabled reception of MMS. Users instead get a SMS informing them that a MMS has not been delivered.

As reported by Heise (german only, AFAICT)

ralf_xda · August 6, 2015, 1:25pm

Hi Kees,

any news when the fix will be released?
All the details about the vulnerability are public since some time now so we should assume that the first exploits are in the wild right now.

[Update]
Forgotten to mention this blog post from Zimperium which contains two archives with POC files and patches.

anon90052001 · August 6, 2015, 2:46pm

Hi all, sorry for the wait.

Latest news (6 August):

The software team has a fix for the security issues under discussion, ie the Stagefright bug. They are working on a build and testing it now. We have to balance getting this update out as soon as possible, and having a reliable support infrastructure for all users. So we’re going to release it in two stages.

For advanced users, next week we plan to have a .zip file to download the fix manually through our support site.

For all users, the current schedule is that the week after next to release the software update with the fix over-the-air over Wi-Fi.

Thanks for your patience as we get this out. It’s a security issue we take seriously and want to deliver it to all Fairphone owners ASAP.

HackAR · August 6, 2015, 3:11pm

Could you please include the FireFox scrolling fix in it?

anon41484458 · August 6, 2015, 4:04pm

The touchscreen fix will be indeed be included. So hopefully no more touch glitches when using FF.

ben · August 6, 2015, 4:25pm

@anon90052001 and @anon41484458 thanks for keeping us updated!

I hope that you will be able to improve you release process/infrastructure with Fairphone 2. It should always be possible to include a bugfix in a stable release, so required testing is limited. Maybe you have something like that already? I would be interested to learn more about how you test and publish software updates. Another topic for a blog?

The two-stage process seems very reasonable to me. And I also have the impression that, 'if* everything works out, the Fairphone will be one of the earlier devices to receive the fix.

Jerry · August 6, 2015, 5:19pm

We’re getting an update. Yay!
My gf is now worried about her 1.5 yrs old Samsung Galaxy S4 mini. It runs KitKat, but that’s all there is to say about it. I’d trade Android 4.4 for security updates like these any day!

DjDas · August 7, 2015, 8:47am

Hi All,
waiting for the fix I have another possible solution: AFWall+.
Some days ago I received an MMS but wasn’t able to download it and I discovered I had an active profile in which the Messaging app was blocked, after enabling it I was able to download the MMS so this could be an alternative solution, I suppose
Bye!

Remco · August 7, 2015, 9:39am

Great work! Really like the idea that advanced users can install the fix manually. This way we will also be able to provide feedback on the fix in an early stage.

Like @ben said I think that the Fairphone will be one of the earlier devices that receives the fix.

paulakreuzer · August 10, 2015, 6:35pm

4 posts were split to a new topic: Phone constantly in safe mode (stagefright?)

ralf_xda · August 12, 2015, 3:36pm

Hi Joe,

any news when the download link will be available?

Thanks,
Ralf

Chris_R · August 12, 2015, 4:09pm

Some of us in the beta release has an update pushed out but it breaks root access we think, so we’ve set the FP software team back on the case.

No update from them on this as yet though…

anon90052001 · August 13, 2015, 11:13am

**Update: 17.45

The software update (manual installation) with the fix to the Stagefright bug is now available. An update for all owners will be released over Wi-Fi next week.

**Update: 16.45

We’re on schedule to publish the manual update by end of today. I’ll post here when it’s published.

**Original post: 13.15

The aim is to have the manual update ready today, Thursday 13 August, to put in a support article. But we cannot guarantee that. I’ll be posting here later in the afternoon on news. Thanks for your patience!

joagri · August 13, 2015, 6:00pm

I just downloaded and installed the software update. Everything went fine, the stagefright-detecor-app said “not vulnerable”.Thank you very much!

Lidwien · August 13, 2015, 6:57pm

I also have downloaded and installed the software update without any problem.

Remco · August 13, 2015, 7:37pm

Installed the update too and the Zimperium app showed “Not vulnerable”.

Thanks to the team for the swift action!

However I did see a very recent article on tweakers.net (Dutch techsite) about the fact that the original Android patch is not sufficient and Google is working on a second patch. Let’s keep our fingers crossed that it won’t be necessary for the Fairphone to provide a second path. I don’t know if the Fairphone patch is purely based on the Google patch or is different (and better hopefully ).

urs_lesse · August 13, 2015, 7:45pm

Update runs without problems for me, too. Unfortunately I cannot run the stagefright detector tests because I don’t use the Google Playstore.

ben · August 13, 2015, 8:28pm

Great Work Team!

paulakreuzer · August 13, 2015, 8:29pm

I updated the title