Hang on - if I understand correctly, all of the following is true for Pixel 6, Pro, and 6a users??
- There's an exploit out there that lets attackers own my phone if they know my number
- A patch is not available for my phone yet
- It's not possible to work around the issue because a previous update removed the toggle
- Announcing this signals to every competent black hat worth their salt to begin looking for exploits on this chipset, knowing the reward is high and the method of pulling it off is implied to be simple
I really wish Google had delayed this blog post until after all of their currently supported flagship products were no longer affected...
gcr|3 years ago
- There's an exploit out there that lets attackers own my phone if they know my number
- A patch is not available for my phone yet
- It's not possible to work around the issue because a previous update removed the toggle
- Announcing this signals to every competent black hat worth their salt to begin looking for exploits on this chipset, knowing the reward is high and the method of pulling it off is implied to be simple
I really wish Google had delayed this blog post until after all of their currently supported flagship products were no longer affected...
esperent|3 years ago
Aren't they legally required to disclose security vulnerabilities like this within a certain time limit?
Seems like the real anger should be directed at them removing the toggle to turn it off.
unyttigfjelltol|3 years ago
As for Samsung, their March 2023 patch closes items that sound similar. [1]
[1] https://www.sammyfans.com/2023/03/06/samsung-march-2023-secu...
izacus|3 years ago
This is a sign of integrity.