4 comments

[ 3.3 ms ] story [ 17.9 ms ] thread
In a related concept, what is a reliable way of checking whether your phone has the patches? Recently I got an update to my Moto X 2nd Gen to Version 23.16.5.en.US (Verizon carrier) which takes me to Lollipop 5.1. But most lists I see about patches and which phones are fixed are from back in August.
Zimperium, the white hats who discovered the problem, has an app the check if your OS is vulnerable.

https://play.google.com/store/apps/details?id=com.zimperium....

I think it's fair to assume anyone getting updates in the last two months has been patched. Samsung even (partially) fixed it in the two-year old S3.

It's still not completely fixed on my Samsung Galaxy S 5. According to that app I'm open to CVE-2015-3864, which doesn't seem to have any details [1].

1. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-38...

The simple workaround is to just turn off MMS auto retrieval in your messaging app.

PS I just got a software update for my Samsung Galaxy Tab Pro 8.4 this morning, which included a fix for stagefright.