

X-Ray scans your Android device for unpatched vulnerabilities - trhaynes
http://www.xray.io

======
ad0nis
Ran it on Verizon Galaxy Nexus (4.0.4) and it appears everything is patched.
Now if they would just get me Jellybean, I would be a really happy camper...

------
dlokshin
Just ran it on my Nexus S with 4.1 and everything is patched. Curious to see
how the HTC / Samsung's that are not Nexus devices fare.

~~~
jonoberheide
4.1 is definitely the most secure Android you can be running currently.

We posted about some of the security improvements in Jelly Bean 4.1 last week:

[https://blog.duosecurity.com/2012/07/exploit-mitigations-in-...](https://blog.duosecurity.com/2012/07/exploit-mitigations-in-android-jelly-bean-4-1/)

------
kaolinite
Samsung S2 here (running latest update to ICS). All patched, no vulns. I'm
actually a little disappointed in a way :-P

------
JangoSteve
Motorola Droid Bionic, running latest official carrier update, vulnerable to
Gingerbreak :-\

------
jmediast
Running an older CM7 build on my evo4g, vulnerable to ZergRush :(

~~~
cdawzrd
Grab the latest of JMZTaylor's unofficial CM9 nightlies! They are very stable
and a huge upgrade from CM7 on my original Evo.

~~~
jmediast
I'll check that out after work today. I was hoping I wouldn't have to ditch CM
to get ICS

------
jonoberheide
X-Ray author here, happy to answer any questions folks have!

~~~
ryanhuff
Why haven't you published this to the Google Play store?

~~~
jonoberheide
We'd love to be able to publish it in the Play Store, but we were informed by
Google that the terms of service disallow any apps that check for
vulnerabilities, despite X-Ray's good intentions.

It's a weird distinction that they allow AV-like apps, but not vulnerability
assessment apps.

------
seanponeil
Galaxy Nexus running CM9 RC1 is vulnerable to Mempodroid :(

~~~
ad0nis
CM9 RC1 is supposed to be running 4.0.4, right? Shouldn't that have been
patched already? Though it also appears they have some bigger issues, like
everything you type going out to the debug logs, passwords included.

You should report this on their issue tracker:
<http://code.google.com/p/cyanogenmod/issues/list>

~~~
jonoberheide
If anyone can quickly point me at the CM9 kernel source, I can verify whether
or not this is actually patched.

The vulnerability check is looking to see if the mem_write() function is
functional (where the vulnerability was present), which was removed/disabled
by upstream AOSP.

