I guess it's time to update your Android device. Ahem... I meant it's time to pray your manufacturer of choice decides to provide an update for you.

"...that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code..."

@fribbledom One of the many reasons to run a custom ROM like LineageOS that gets frequent updates.

@fribbledom And apparently affects all version of Android from 8.0 onward.

Also, they're adding SafetyNet logging info into the same commit, so enjoy extra spying! Yay! 😒

@KitsuneAlicia @fribbledom welp i have LG i guess i am not getting that update before the end of the year.

@jarlavgrenland @fribbledom Samsung here, but my model (2016 J7 Prime) is only now starting to roll out 8.1 updates after being stuck on 7.0 for a good year or two. The one for my region has yet to get it, so it's gonna be a long, long time before my model gets it -- if ever.

That said, that'd only in terms of official updates. The custom ROM community is much more prudent with this stuff & is very active thanks to being Samsung, so I should get it soon. hehe

@KitsuneAlicia @fribbledom LGs road map says i will get pie in q2 this year i belive after that no more android updates for me and when security updates stop. ill root the phone.

@jarlavgrenland @fribbledom I root my devices as soon as I get 'em, tbh. All these RCE vulnerabilities that can get privileged access mean the only way you can really protect yourself is to have privileged access of your own.

And considering the latest is a fucking PNG file, we're so fucked.

@KitsuneAlicia @fribbledom Welp, true. miss my windows phone now, I didnt have this kind of stupied things before i moved to android RIP windows 10 mobile

@fribbledom Ugh. It's these sorts of issues that made me abandon Android, after using it for a decade. -_-' An utterly broken security model.

@fribbledom I get a feeling that it was probably a good idea to buy my device based on Lineage support lists.

@fribbledom Since I don't want an Apple I chose a Google Pixel primarly because it's the best chance to get quick patches ...

@fribbledom totally. Most underrated value of the Android One program is the monthly security updates 🙆🏽‍♀️

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!