
Address randomization defense does not protect against stagefright exploits - gtufano
http://arstechnica.com/security/2015/09/googles-own-researchers-challenge-key-android-security-talking-point/
======
Spellman
In a related concept, what is a reliable way of checking whether your phone
has the patches? Recently I got an update to my Moto X 2nd Gen to Version
23.16.5.en.US (Verizon carrier) which takes me to Lollipop 5.1. But most lists
I see about patches and which phones are fixed are from back in August.

~~~
whoopdedo
Zimperium, the white hats who discovered the problem, has an app the check if
your OS is vulnerable.

[https://play.google.com/store/apps/details?id=com.zimperium....](https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector)

I think it's fair to assume anyone getting updates in the last two months has
been patched. Samsung even (partially) fixed it in the two-year old S3.

~~~
discreditable
It's still not completely fixed on my Samsung Galaxy S 5. According to that
app I'm open to CVE-2015-3864, which doesn't seem to have any details [1].

1\.
[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-38...](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3864)

~~~
cpncrunch
The simple workaround is to just turn off MMS auto retrieval in your messaging
app.

PS I just got a software update for my Samsung Galaxy Tab Pro 8.4 this
morning, which included a fix for stagefright.

