Fairphone patch for the Stagefright vulnerability

I also just saw the generic update offer at this moment.
Do I understand correctly that this patch only concerns android version 1.8?
TIA
(as my simcards don’t handle MMS the whole point is not an issue for me, but since I bought my phone that would be the very first time leaving version 1.6 is related to something significant for me…)

This is not about MMS, it’s about the Android library for video and audio processing

1 Like

I am not quite sure i understand correctly. Fairphone OS 1.6 is affected by this security issues as well as all other Fairphone OS versions below 1.8.7
If you want to get the security updates, you need to update to Fairphone OS 1.8.7, therefore leave 1.6.

Thanks for this, and sorry if I misunderstood -but I heard the only ‘auto-trigger’ possibility was lying in a software that I am not using, and within MMS potentially being pre-loaded (thus ‘executed’ without my consent). That’s why I was talking about MMS.

If my v. 1.6 the way I use it is still OK (I never watch videos on my phone), I probably won’t upgrade, merely because I understood leaving to 1.7 would basically blank my phone, requiring an enormous setup process I’m not available to respend at this moment…

Hi all,

As we discussed on 14 August, last Thursday/Friday security researchers discovered still-existing vulnerabilities in the Stagefright fix that was being shipped around in Google devices as well as our own build. Therefore, we have been working to make a new build, perform thorough testing and make sure our support and tutorial infrastructure was ready.

The plan is to release the manual installation and over-the-air Wi-Fi update early next week, week of 24 August.

If you have already installed the update last week manually, you will also get a notification over Wi-Fi when the new update is available.

Thanks for your patience-

3 Likes

Not at all. As long as you don’t do the Storage Upgrade, you will only have to reinstall Google Apps.

3 Likes

Actually, MMS is just one way to attack using Stagefright. The problem with receiving an (auto downloaded) MMS is that the media within the MMS is displayed in the notification area. Other apps that have similar behavior are methods of attack as well. Examples include, but are not limited to Google Hangouts, WhatsApp and possibly other messaging apps as well.

1 Like

For non-german speaking readers: the german article links to an English source:
http://blog.trendmicro.com/trendlabs-security-intelligence/mediaserver-takes-another-hit-with-latest-android-vulnerability/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Anti-MalwareBlog+(Trendlabs+Security+Intelligence+Blog)

2 Likes

That link gives me a “oops. You’re not authorized to access this page.” :confused:

Yup, the update was retracted to add a new security fix. It will be rereleased next week. See here:

3 Likes

Ah, thanks, didn’t see that among the other replies

Hi all,

An email has been sent out to all FP1 and FP1U owners today. Important information is that the update will go out over Wi-Fi early next week. @anon12454812 will let us know when it is out in the open.

Cheers,
Joe

3 Likes

Will this become available for manual download and installation as well at the same time?

Hi,

Yes it will be.

Cheers

1 Like

Will there be an update for the Fairphone-AOSP-Variant? Or is it possible to change from AOSP to Fairphone OS without reinstalling all apps (I do not use GApps, but F-Droid)?

Changing to Fairphone OS should only affect system apps, not any other apps, e.g. installed through F-Droid. (Please correct me, if I am wrong, I’ve never used AOSP.)

But it’s still advised to do a backup first. E.g. with Titanium Backup.

1 Like

will there be an update for the OS 1.6? As long as the bluetooth issues aren’t resolved, I don’t want to update to 1.8. Everything works fine on 1.6.

That is highly unlikely.

Hi all,

A fix is available, read more here.

Cheers,

Rick

2 Likes