FP Security Updates need to be more frequent

can’t post this yesterday due to slow mode

nonsense

Yes, lets look at some dates of the actual patches of the Septmber 2024 ASB.

https://source.android.com/docs/security/bulletin/2024-09-01

  • CVE-2024-32896: Wed Jun 26 07:13:41 2024 +0000
  • CVE-2024-40658: Fri Jun 28 00:33:51 2024 +0000
  • CVE-2024-40662: Thu May 30 21:21:12 2024 +0000
  • CVE-2024-40650: Thu Nov 02 11:43:00 2023 +0800
  • CVE-2024-40652: Mon Mar 25 23:49:35 2024 +0000
  • CVE-2024-40654: Wed Jan 31 16:29:01 2024 +0800
  • CVE-2024-40655: Tue Jun 11 15:51:39 2024 +0000
  • CVE-2024-40657: Tue Jun 04 17:00:46 2024 +0000
  • CVE-2024-40656: Tue Jun 11 22:50:08 2024 -0700
  • CVE-2024-40659: Fri May 17 23:34:58 2024 +0000
  • CVE-2024-36972: Fri Apr 05 15:10:57 2024 -0700

so most of the September 2024 patches were made 3 months before


I’d also lastly like to point out that GrapheneOS consistently ships the full monthly ASB the same day as Google publishes it for their ~20 devices. And that I provide the core AOSP patches of the ASB for Android 7 through 13 consistently within 3 weeks for ~175 devices. Neither of us have early ASB access.
I document patch dates of GOS/COS/DOS/LOS/eOS here: Patch History - DivestOS Mobile

Meanwhile over here Fairphone, a phone company, can’t manage to ship the ASB until 1-2 months after Google publishes despite only having to support 3 phones and despite having early access to these bulletins.

15 Likes