Android OEMs Duping Security Patches

Posts
5
Registration date
Saturday April 14, 2018
Last seen
April 14, 2018
- - Latest reply: kgbme
- Apr 14, 2018 at 05:29 PM
Click the link below to learn more about the topic in this thread:

http://ccm.net/news/28593-android-oems-duping-security-patches

kgbme
Yes, thank you very much (so true)! For years and years, Android device manufacturers have been consistently horrible at supplying updates.

This also includes critical patches, even when something big happens, such as BlueBorne:
https://github.com/ArmisSecurity/blueborne/

So, for example, I had purchased the Lenovo Vibe C2 (K10_a40) and the last (Global, "ROW") ROM for it was (the same as what the phone came with, originally, believe it or not):
Lenovo_K10a40_S224_MT6735_20161118

OTA Update (Over the Air) has only offered:
Lenovo_K10a40_S225_MT6735_20161226

& totally by chance I've been able to find an update:
Lenovo_K10a40_S230_MT6735_20170517

... However, Lenovo does NOT provide an official flash tool, to update the phone software. Their KIES program will only accept whatever update is available as the OTA update, the same as what is built into the phone. As if they're trying to make life difficult for the customer. :/

The extra patch/firmware which I'd been able to find is: "March 5, 2017 Android security patch level", which means that my device will FOREVER stay vulnerable to the Bluetooth exploit as it was discovered on September 12, 2017.

This is confirmed by taking a look at the Lenovo Android Upgrade Matrix @
https://support.lenovo.com/us/en/solutions/ht501098

While we're on the topic, might as well check your device, as Wikipedia says: "In 2017, BlueBorne was estimated to potentially affect over 8.2 billion devices worldwide", https://en.wikipedia.org/wiki/BlueBorne_(security_vulnerability)