Why does every article which mentions how horrible and bad it is that the version numbers aren't universally highest across android also fail to mention that API upgrades are done independently of the OS/Kernel version and reach back further than Apple's support for iOS?
May be Android users don't care if their bank/brokerage/credit accounts are breached due to many of such security flaws because (may be) they don't have money in their account ro worry about. Plus, they also don't care and allow Google to steal/capitalize your private info due to such security holes.
Why does every article which mentions how horrible and bad it is that the version numbers aren't universally highest across android also fail to mention that API upgrades are done independently of the OS/Kernel version and reach back further than Apple's support for iOS?
Because it is contrary to DED clickbait
I'm beginning to think AppleInsider is nothing but clickbait, they misreport things like this and get two breeds of people - mindless fandroids defending them, and the equally mindless apple fanboys praising it.
I'm beginning to think AppleInsider is nothing but clickbait, they misreport things like this and get two breeds of people - mindless fandroids defending them, and the equally mindless apple fanboys praising it.
Just disagreeing with DED's style of writing is enough to get you down-voted. I thoroughly enjoy all the Apple products I own and recommend them to others, but I do not need DED to constantly justify my purchases by bashing other companies in the style he does.
Love how all the Fandroid supporters come en-mass onto an Apple site, simply reporting on an article that was published by a third-party security researcher, and taking the immediate stance that this is very unlikely to affect anyone, and how Android is actually just fine. You people are the ones living in La La Land and need your head's examined. Android is a complete and unmitigated DISASTER not just of an OS, but as an entire PLATFORM.
Oh, when you go out to get that examination, make sure to leave all Apple sites, you're just cheap comedy for us.
Thank you.
I wonder if they lock their doors or keep their keys in the glove compartment since being robbed is very "unlikely".
They seem to pass Apple's security as a non-feature or unimportant. They must hate car alarms and home security systems.
The article barely mentions tablets but Android has an even more sorry state of affairs with tablets. For each cell phone manufacturer there is probably three manufacturers making crappy tablets full of additional security holes put there by the maker. It would be a much more serious problem if Android had a decent sized tablet user base.
According to the researchers, SELinux on Android makes this exploit extremely unlikely. SELinux was adopted by Android in version 4.3. So if you look at the graph in this article you can see that approximately 2/3 of all Android devices are protected by SELinux. Sure, they should be patched but the danger is extremely small for most Android users. Same for any Linux server using SELinux, which includes a large portion of commercial servers because Red Hat and Cent OS are by far the most popular and they have implemented SELinux by default for many years.
How is it "small", you don't how big or small it is. That's your own assessment.
That's what the researcher said:
Even though exploitation of the flaw is "straightforward", the
researchers say that SMEP (Supervisor Mode Execution Protection) and
SMAP (Supervicor Mode Access Protection) will make it difficult to
exploit on Linux servers, and SELinux will offer some protection on
Android devices
Does "some protection" seems like a fracking firewall, no it doesn't.
That's like "some protection" from crashes from airbag doesn't mean you shouldn't fix your god damn brakes if they're faulty.
It depends on the existence of other unpatched exploits, and yes, there are many many on older Android phones, the existence of scripted exploits (which removes all the need for skills of any kind), jailbreaks are essentially chaining exploits, and just plain time.
Since most of these will never be patched, there is all the time in the world for difficult to actually become trivial. That's why this NEEDS TO BE PATCHED; just it would need to be patched if it hit IOS.
All this hand waving about oh, this isn't such a problem makes me laugh hard, what about stage-fright, not bad I guess either, or some other exploits affecting 800M devices and won't be patched either, etc. Google a little while and you'll find plenty. Most Android phones, except the high end, are a security nightmare because they will always be unpatched. And you don't even need to root a phone to give away everything, side loading and coarse security for apps means people will just do it willingly.
But, hey, who cares, it's just Android anyway hey. If IOS had this level of laissez faire, Android flunkies would be all over it : 100% sure.
Since the exploit is in no way impossible to go around, merely harder, eventually, like many other exploits, there will be some quite easy procedure to exploit it that chains several existing ones, like all others out there.
According to the researchers, SELinux on Android makes this exploit extremely unlikely. SELinux was adopted by Android in version 4.3. So if you look at the graph in this article you can see that approximately 2/3 of all Android devices are protected by SELinux. Sure, they should be patched but the danger is extremely small for most Android users. Same for any Linux server using SELinux, which includes a large portion of commercial servers because Red Hat and Cent OS are by far the most popular and they have implemented SELinux by default for many years.
That's not true. What researchers actually said was "The vulnerability affects any Linux Kernel version 3.8 and higher. SMEP & SMAP will make it difficult to exploit as well as SELinux on android devices. Maybe we’ll talk about tricks to bypass those mitigation in upcoming blogs, anyway the most important thing for now is to patch it as soon as you can."
So while SELinux can makes exploits "more difficult," there's nothing about it making exploits "unlikely." The fact that they refer to "tricks to bypass" SELinux protections makes it clear that the researchers are not under the impression that "Android devices are protected by SELinux."
There's probably still well over 100 million PC users stuck on Windows XP and older versions of IE. These people either have a very high risk tolerance or simply don't fully comprehend the negative ramifications and hassle associated with identity theft and personal data loss. Plus, with all the money they save buying Android phones versus iPhones they can buy more lottery tickets, because we all know that's a sure fire path to prosperity.
I not looking at this from Apple's perspective or that they should do this.
I'm just wondering how much people would be willing to pay for iOS software.
I think an option for Apple is to start a secondary brand. They should call it Peach. But they won't be responsible for building/selling the hardware. They would simply license iOS to this hardware company...
blah blah blah...
FOR THE LOVE OF GOD ! THOSE WHO DON'T KNOW THEIR HISTORY ARE DOOMED TO REPEAT IT!
Killing the clones
In 1994, Apple began licensing Mac OS to a handful of select vendors who paid Apple $80 per machine to use the operating system. As the years went by, it became apparent that this wasn’t such a great idea. The clone manufacturers produced relatively low-cost machines that cannibalized Apple’s most profitable product line, and the clones did not have the intended effect of significantly expanding the footprint of the Mac platform.
So when Jobs returned to Apple, he knew the Mac OS licensing program had to go. He declined to license Mac OS 8 to the clone vendors upon its release in 1997, thus effectively ending the clone program (one manufacturer, UMAX, did manage to license OS 8 until 1998, however).
Jobs believed strongly in controlling the total user experience from hardware to software, and that could not be achieved if the hardware end was out of Apple’s hands. Clones watered down the Macintosh brand, and if they had remained, Apple could not have become as proficient at the secrecy, desire, and new product execution as they later became famous for.
According to the researchers, SELinux on Android makes this exploit extremely unlikely. SELinux was adopted by Android in version 4.3. So if you look at the graph in this article you can see that approximately 2/3 of all Android devices are protected by SELinux. Sure, they should be patched but the danger is extremely small for most Android users. Same for any Linux server using SELinux, which includes a large portion of commercial servers because Red Hat and Cent OS are by far the most popular and they have implemented SELinux by default for many years.
Since the exploit is in no way impossible to go around, merely harder, eventually, like many other exploits, there will be some quite easy procedure to exploit it that chains several existing ones, like all others out there.
"Like all the others" that didn't actually result in malicious and evil malware on untold millions of users phones?
Most of the talk of hundreds of millions of exposed users are simply that: Talk. Android has it's problems and is certifiably not as stable or secure as iOS, but it's also not the malware infested insecure hellstew readers of AI would believe it is if all you ever read were articles here. In the world of operating systems it's one of the most secure, completely virus free despite what you've heard. Don't take my word for it. Feel free to do your own research to confirm.
Of course it should be no surprise competitors of Apple, real or imaginary, are depicted in the worst possible light here. What would you expect? It's a hard-core Apple fan site. If you have the least bit of interest in getting an accurate picture of other companies and their products you need to expand your reading list a bit. AI is great for Apple rumors and discussions (and camaraderie) , but don't depend on them for a true view of non-Apple stuff.
On an Apple site one expects to see a lot of Android bashing and a lot of Android bashing is justified. This article however is alarmist nonsense. A zero day kernel exploit is a problem on a Linux server available to thousands of anonymous users. On an Android device that is only available to those who have physical access to it it is not a problem. It may be a remote possibility that a malicious app could exploit this vulnerability, but its so easy to root an Android device that there are plenty of other ways malicious apps can cause mischief.
I wish Appleinsider was more discriminating about what they print. I rely on this site for news an rumors concerning Apple. Articles such as this with Juvenile catch phrases such as "Android is the new Flash" lower the credibility of the whole site.
The issue isn't a specific exploit. It's the fact that it will never be fixed for most Android users, making it much more likely that over the next ?? years it will serve as another open vulnerability to exploit by local apps the user installs.
The fact that an exploit is so broadly installed and won't be fixed is a huge difference between PC Linux and the supposedly open Android, and the reaction by the public to this is that it's a problem Google hasn't address since first taking a stab at it back years ago. Switching is accelerating. This is a pretty clear trend.
On an Apple site one expects to see a lot of Android bashing and a lot of Android bashing is justified. This article however is alarmist nonsense. A zero day kernel exploit is a problem on a Linux server available to thousands of anonymous users. On an Android device that is only available to those who have physical access to it it is not a problem. It may be a remote possibility that a malicious app could exploit this vulnerability, but its so easy to root an Android device that there are plenty of other ways malicious apps can cause mischief.
I wish Appleinsider was more discriminating about what they print. I rely on this site for news an rumors concerning Apple. Articles such as this with Juvenile catch phrases such as "Android is the new Flash" lower the credibility of the whole site.
The issue isn't a specific exploit. It's the fact that it will never be fixed for most Android users, making it much more likely that over the next ?? years it will serve as another open vulnerability to exploit by local apps the user installs.
The fact that an exploit is so broadly installed and won't be fixed is a huge difference between PC Linux and the supposedly open Android, and the reaction by the public to this is that it's a problem Google hasn't address since first taking a stab at it back years ago. Switching is accelerating. This is a pretty clear trend.
Where did Google say it wouldn't be fixed? I hadn't read that.
The issue isn't a specific exploit. It's the fact that it will never be fixed for most Android users, making it much more likely that over the next ?? years it will serve as another open vulnerability to exploit by local apps the user installs.
The fact that an exploit is so broadly installed and won't be fixed is a huge difference between PC Linux and the supposedly open Android, and the reaction by the public to this is that it's a problem Google hasn't address since first taking a stab at it back years ago. Switching is accelerating. This is a pretty clear trend.
Where did Google say it wouldn't be fixed? I hadn't read that.
Apparently Google will release a patch in March to fix the issue. Who can get the patch maybe an issue
The issue isn't a specific exploit. It's the fact that it will never be fixed for most Android users, making it much more likely that over the next ?? years it will serve as another open vulnerability to exploit by local apps the user installs.
The fact that an exploit is so broadly installed and won't be fixed is a huge difference between PC Linux and the supposedly open Android, and the reaction by the public to this is that it's a problem Google hasn't address since first taking a stab at it back years ago. Switching is accelerating. This is a pretty clear trend.
Where did Google say it wouldn't be fixed? I hadn't read that.
Apparently Google will release a patch in March to fix the issue. Who can get the patch maybe an issue
Are you sure? "Whoever" wrote the article says they won't.
EDIT: Well gosh you're right. The "kernel flaw that Google won't fix" has already been patched, and the fix sent out to partners. Weird huh? So where did the claim Google wouldn't fix it come from? https://plus.google.com/u/0/+AdrianLudwig/posts/KxHcLPgSPoY
Apparently Google will release a patch in March to fix the issue. Who can get the patch maybe an issue
Are you sure? "Whoever" wrote the article says they won't.
EDIT: Well gosh you're right. The "kernel flaw that Google won't fix" has already been patched, and the fix sent out to partners. Weird huh? So where did the claim Google wouldn't fix it come from? https://plus.google.com/u/0/+AdrianLudwig/posts/KxHcLPgSPoY
Aposted a whole 2 hours before it was asserted it wouldn't be fixed.
So while SELinux can makes exploits "more difficult," there's nothing about it making exploits "unlikely." The fact that they refer to "tricks to bypass" SELinux protections makes it clear that the researchers are not under the impression that "Android devices are protected by SELinux."
While I don't give a rat's ass about Android, I'm pretty confident that SELinux will protect my servers until they can be patched.
Comments
I'm beginning to think AppleInsider is nothing but clickbait, they misreport things like this and get two breeds of people - mindless fandroids defending them, and the equally mindless apple fanboys praising it.
They seem to pass Apple's security as a non-feature or unimportant. They must hate car alarms and home security systems.
How is it "small", you don't how big or small it is. That's your own assessment.
That's what the researcher said:
Even though exploitation of the flaw is "straightforward", the researchers say that SMEP (Supervisor Mode Execution Protection) and SMAP (Supervicor Mode Access Protection) will make it difficult to exploit on Linux servers, and SELinux will offer some protection on Android devices
Does "some protection" seems like a fracking firewall, no it doesn't.
That's like "some protection" from crashes from airbag doesn't mean you shouldn't fix your god damn brakes if they're faulty.
It depends on the existence of other unpatched exploits, and yes, there are many many on older Android phones, the existence of scripted exploits (which removes all the need for skills of any kind), jailbreaks are essentially chaining exploits, and just plain time.
Since most of these will never be patched, there is all the time in the world for difficult to actually become trivial.
That's why this NEEDS TO BE PATCHED; just it would need to be patched if it hit IOS.
All this hand waving about oh, this isn't such a problem makes me laugh hard, what about stage-fright, not bad I guess either, or some other exploits affecting 800M devices and won't be patched either, etc. Google a little while and you'll find plenty.
Most Android phones, except the high end, are a security nightmare because they will always be unpatched.
And you don't even need to root a phone to give away everything, side loading and coarse security for apps means people will just do it willingly.
But, hey, who cares, it's just Android anyway hey. If IOS had this level of laissez faire, Android flunkies would be all over it : 100% sure.
Since the exploit is in no way impossible to go around, merely harder, eventually, like many other exploits, there will be some quite easy procedure to exploit it that chains several existing ones, like all others out there.
That's not true. What researchers actually said was "The vulnerability affects any Linux Kernel version 3.8 and higher. SMEP & SMAP will make it difficult to exploit as well as SELinux on android devices. Maybe we’ll talk about tricks to bypass those mitigation in upcoming blogs, anyway the most important thing for now is to patch it as soon as you can."
Except for the research, other journalists, the upranked opinions of Ars readers, the cited Android fan, and statistics.
Previous scares might have helped but a just released story?
THOSE WHO DON'T KNOW THEIR HISTORY ARE DOOMED TO REPEAT IT!
http://www.macworld.com/article/2009941/steve-jobss-seven-key-decisions.html
Most of the talk of hundreds of millions of exposed users are simply that: Talk. Android has it's problems and is certifiably not as stable or secure as iOS, but it's also not the malware infested insecure hellstew readers of AI would believe it is if all you ever read were articles here. In the world of operating systems it's one of the most secure, completely virus free despite what you've heard. Don't take my word for it. Feel free to do your own research to confirm.
Of course it should be no surprise competitors of Apple, real or imaginary, are depicted in the worst possible light here. What would you expect? It's a hard-core Apple fan site. If you have the least bit of interest in getting an accurate picture of other companies and their products you need to expand your reading list a bit. AI is great for Apple rumors and discussions (and camaraderie) , but don't depend on them for a true view of non-Apple stuff.
The fact that an exploit is so broadly installed and won't be fixed is a huge difference between PC Linux and the supposedly open Android, and the reaction by the public to this is that it's a problem Google hasn't address since first taking a stab at it back years ago. Switching is accelerating. This is a pretty clear trend.
Who can get the patch maybe an issue
EDIT: Well gosh you're right. The "kernel flaw that Google won't fix" has already been patched, and the fix sent out to partners. Weird huh? So where did the claim Google wouldn't fix it come from?
https://plus.google.com/u/0/+AdrianLudwig/posts/KxHcLPgSPoY