by griffinmb on 4/24/19, 1:59 PM with 56 comments
by AdmiralAsshat on 4/24/19, 3:24 PM
That's pretty much all the snapdragons in modern Android phones (page is not letting me copy+paste them here).
Has QC put out a patch yet?
EDIT: The April security patch looks like it took care of it:
https://source.android.com/security/bulletin/2019-04-01
EDIT 2: And of course, my Samsung Galaxy S8+, despite having received an update in April, is only at the March 1st security patch level. So I'm likely vulnerable until Samsung's next update.
by dlgeek on 4/24/19, 2:49 PM
> March 19, 2018: Contact Qualcomm Product Security with issue; receive confirmation of receipt
> April, 2018: Request update on analysis of issue
> May, 2018: Qualcomm confirms the issue and begins working on a fix
by ndiscussion on 4/24/19, 5:53 PM
I moved from an iPhone to a Galaxy S9 about a year ago because I was getting fed up with Apple's hardware problems, and wanted try Android again.
I convinced myself that I was able to secure the Android phone as long as I always bought the newest one and kept it up to date.
But decryption after loss is an untenable scenario for me. I had read that qualcomm's trustzone has had software exploits in the past, but I didn't think it would happen again.
Is there any way to trust that the data on my Android device is safe? If I lost it today, someone could keep it around for a while until the next exploit drops. Has Apple ever had an exploit of this nature?
by Sahhaese on 4/24/19, 3:15 PM
by wemdyjreichert on 4/24/19, 3:33 PM
I'll avoid updating until I know more.
by bubblethink on 4/24/19, 5:57 PM
Did the fixes make it to nexus 5x ? It has been EOL since December 2018. The cve date is CVE-2018-11976 though.
by nayuki on 4/24/19, 2:47 PM
by fulafel on 4/24/19, 4:31 PM
by VeninVidiaVicii on 4/24/19, 6:05 PM