Has Google got stagefright regarding OTA Android security updates?

The latest batch of monthly Android security updates are rolling out now, if you are one of the lucky few

The vast majority of the Android ecosystem will be left unprotected against the latest raft of vulnerabilities. Which begs the question: is Google doing enough to secure Android users?

Of the 19 bugs fixed in this cumulative update, Google considers seven of them to be critical with a further ten rated as a ‘high priority’ and only two listed as moderate. The most serious of the critical vulnerabilities could allow mail, web, video or SMS attachments to execute remote code on impacted devices. The problem is, since Google started the monthly Android security bulletins in September 2015, there have been more than 30 Stagefright-related patches rolled out. Maybe this shouldn’t be too surprising given that the security bulletin scheme was started in direct response to the Stagefright problem in the first place. However, the fact remains that the mediaserver service is not something you want left buggy either, given that as well as having access to audio and video streams it can access privileges that are ordinarily out of reach of third-party apps. Yet the vast majority of Android devices are running a version of the OS that isn’t compatible with the security update system. Even if your device is compatible, that doesn’t mean that the manufacturers or network has signed up to distribute the appropriate patches for those particular handsets.

Click here to read complete article