Cybersecurity

5277 readers

238 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 1 year ago

MODERATORS

[email protected]

Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug (www.securityweek.com)

submitted 1 month ago by [email protected] to c/[email protected]

8 comments fedilink hide all child comments

top 8 comments

sorted by: hot top controversial new old

[–] [email protected] 9 points 1 month ago (2 children)

Great news, especially for the 8% of Android users who actually receive updates.

[–] [email protected] 2 points 1 month ago (1 children)

Is it that high? Not even joking. I was always under the impression that it was much lower, and that many of those that are still receiving updates won't update (old habits from when updating android could brick your device).

[–] [email protected] 3 points 1 month ago (1 children)

I don't know. According to this : https://www.statista.com/statistics/921152/mobile-android-version-share-worldwide/ android version 13 and 14 account for almost half the device versions, and those usually have forced auto update and also recent enough to be getting updates in theory...

[–] [email protected] 2 points 1 month ago (1 children)

But if the manufacturers don't then update their custom bits, the updates don't make it to the phones. Right? Or is that not a thing anymore?

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago) (1 children)

That is a difficult topic. Google did take steps to mitigate issues there. Android got Hardware Abstraction Layer to prevent blobs from blocking updates ; also, a lot of updates were moved from AOSP to the Play Service, so Google can more easily roll them out. (And to make AOSP and 3rd party roms less of a threat, eh.)

Edit : that said, most android phones have woefully short support period.

[–] [email protected] 2 points 1 month ago

It is a difficult topic, but one worth discussing I think. Cellphone security used to be an afterthought, at best. Google (and some rom maintainers) have done an amazing job at improving overall security. They have a long way still to go (such as forcing manufacturers to a certain level support), but what they've done thus far is commendable.

[–] [email protected] 1 points 1 month ago (1 children)

don't pixels and Samsungs get updates every month?

[–] [email protected] 1 points 1 month ago

I have an S23, it's definitely not every month. Last update package is currently dated 1st of may.