https://m.androidcentral.com/numerous-android-oems-discovered-be-lying-about-security-patches
Wow. I really don’t know what else to say other than wow.
Wow. I really don’t know what else to say other than wow.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Lies and Security Patches
- Thread starter Michael Goff
- Start date
- Sort by reaction score
I have said this many times before about patches and what they are supposedly patching.
How do you know what they are patching is actually a known exploit/security threat?
If Google or Apple sends out an security patch how do you know its validity?
If a company says they are up to date on security patches and threats....how do we know?
How do we know they are not skipping some security exploits?
I wouldn’t drag Google and Apple into this, they’re doing good. It’s cheap OEMs that are messing up.
How do you know? I agree that some of the low cost OEMs will skip steps in security patching.
But we shouldn't just blindly take others word for things....
Because they both state everything they patch and are easily tested. And if you think people wouldn’t be leaping at the chance to call out Apple and Google, you live in a much better world than I do.
Missing some patches, did you say? Pookie says this is an outrage.
Thanks for the heads up.
(No, not my cat. I have one that looks like that but minus the orange).
Thanks for the heads up.
(No, not my cat. I have one that looks like that but minus the orange).
I think you are giving them too much benefit of doubt.
Did you think Facebook wasn't selling your information to whomever came calling?
Do you think they have your best interest at heart too?
Not all security exploits are published to the masses. Companies only patch for published exploits.
Some exploits are sent to these companies to get bounties and then they are paid and sign an NDA. Then it is up to the company as to whether they patch it or not....or whether they publish the exploit
Edit:
Here is one on the Mac side
15-year-old Unpatched Root Access Bug found in Apple’s macOS
https://www.hackread.com/15-year-old-root-access-bug-in-apple-macos/
Last edited:
That’s not even what this topic is about. The article in question says they’re saying they’re patching things and not actually patching them. :|
[doublepost=1523554022][/doublepost]
Cats make my day 100000x better.
agreed...they are lying. But what are they lying about? Patches that are known and published...what about exploits they know about but aren't patching or publishing.
We are only taking their word for it that they are up to date on the security patches they release. We really don't if there are more they don't patch for.
No, we know there are a thousand thousand problems in every OS that isn’t patched. And no, I didn’t accidentally put the word thousand twice, I meant to.
Because Apple actually releases the security corrections on their patch notes website. I’m not sure if Samsung does the same but they should if they don’t.
They release notes for security patches that they are patching. What about known exploits or security patches they are not telling you about? What if there are more than they are publishing? Are you just taking their word for it? If so then that is your choice to make.
Exactly, none of us are security experts in the loop about known exploits. Which is why it's mind-boggling why some users are so demanding to have the most recent security update. Some users treat updates like a false security blanket. Not saying security updates don't take care of exploits, but it's the most obvious and hyped up exploits that get patched. I'm pretty sure there are many exploits in existence for some time now that are not getting the attention to be patched.
I highly doubt any company can patch undiscovered exploits, of course they will always exist but in order for a company to fix them, they first need to be found by some 3rd party. No code is perfect.
Why is it mind boggling for customers to want their product to be taken care of? We wouldn’t be okay with this on PC land, why are we coming up with excuses just because it’s mobile?
I don’t understand this. It’s not a good idea to come up with these excuses. We should be holding companies accountable.
Then what are you talking about? You can’t know exploits if they aren’t discovered even if you coded the whole OS yourself.
They’re trying to pull attention from the actual issue. It’s a type of cheerleading.
Excuses for what? I myself have not gave any of these manufacturers a pass. But I'm challenging the mentally of many users having damn near temper tantrums for not having the latest security update, especially since they know next to nothing about the exploits.
And no, us PC users don't have a security patch obsession. Many like myself even do the temporary update opt out, or edit services to update manual only.
There are many KNOWN/DISCOVERED exploits of operating systems, apps, and hardware that haven't been patched for whatever given reason.
There isn't much to talk about. Some manufacturers lied about security patches, big whoop. Should it be corrected? YES!!! Are Android users under an imminent security threat, NO!!!! Now if that's cheerleading, then so be it. Don't know what type of insane panic you were expecting.
Excuses for what? I myself have not gave any of these manufacturers a pass. But I'm challenging the mentally of many users having damn near temper tantrums for not having the latest security update, especially since they know next to nothing about the exploits.
And no, us PC users don't have a security patch obsession. Many like myself even do the temporary update opt out, or edit services to update manual only.
There are many KNOWN/DISCOVERED exploits of operating systems, apps, and hardware that haven't been patched for whatever given reason.
There isn't much to talk about. Some manufacturers lied about security patches, big whoop. Should it be corrected? YES!!! Are Android users under an imminent security threat, NO!!!! Now if that's cheerleading, then so be it. Don't know what type of insane panic you were expecting.
Insane panic is how you refer to it as. I refer to it as holding companies accountable for providing actual service. And you’re trying to downplay complaints about bad service. It’s not bitching, it’s not insane panic, it’s not throwing temper tantrums.
It’s everyone having a small computer with their bank account information, credit cards, and every other piece of information on it. And it’s about wanting that to be as secure as humanly possible. Google is even doing the work for these companies.
Everyone complains about the prices of Pixels and iPhones by as it turns out you’re paying for that cheaper phone through not being actually secure. And yes, a several month old patch phone is less secure than a Pixel on the current month.
1) I already stated I'm not giving companies a pass. There is nothing to downplay, they got caught lying about security patches. Since this is now out in the open, manufacturers that continue to do such will lose out on sales and reputation.
2) The high majority of personal info is got through phishing and exploits on company's sever setups.
3) Security is not even in the top 5 factors of pricing.