
CVE-2018-9411: Critical vulnerability in multiple privileged Android services - markovbot
https://blog.zimperium.com/cve-2018-9411-new-critical-vulnerability-multiple-high-privileged-android-services/
======
stevenicr
It's Nov 1 2018 in some parts of the world. Samsung has several tablets
available via its web site that are shipping with Android 4.4 KitKat.

([https://www.samsung.com/us/mobile/tablets/all-other-tablets/...](https://www.samsung.com/us/mobile/tablets/all-other-tablets/s/_/n-10+11+hv1rq+zq1xm/))

There are also several shipping with 5.1 and 5.1.1

Would it be safe to say that these will be vulnerable to the posted
vulnerability noted in this article, and will likely never get patched to fix
this, and who knows how many other publicly posted exploits?

If so, at what point do we say this is negligent, faulty equipment?

(I am sure there are many other manufacturers and web sites doing the same. I
am only pointing out this example because I was looking there the other day
for new tablet purchase considerations and the 4.4 KitKat jumped out at me)

------
rurban
This failure to update 32-bit code to 64-bit is one of the most common mistakes
nowadays still, even more than the occasional off-by-one error or overflow.

I had to fix perl5 in about 20 places, and most fixes are still not applied
upstream.

