While Google has already patched three of the four QuadRooter vulnerabilities on its devices, Sony isn’t going to go out of its way to release security updates for its phones to prevent malicious apps from taking advantage of the QuadRooter exploits. Sony has officially stated that it is “working to make the security patches available within normal and regular software maintenance.”
Sony’s approach to patching the QuadRooter vulnerabilities may sound a bit shocking, but it’s not unexpected. Malicious applications with QuadRooter exploits can gain full control of a user’s device, but most Android phones with Google Play services installed have some level of protection thanks to Android’s Verify Apps feature. They only way that a user would be vulnerable to a QuadRooter attack would be if they disabled the Verify App feature on their device and installed an application from a third-party.
“Sony Mobile takes the security and privacy of customer data very seriously. We are aware of the ‘QuadRooter’ vulnerability and are working to make the security patches available within normal and regular software maintenance, both directly to open-market devices and via our carrier partners, so timings can vary by region and/or operator. Consumers are recommended to continuously upgrade their phone software in order to optimize performance of their Xperia™ smartphone. Users can take steps to protect themselves by only downloading trusted applications from reputable application stores.”
We wouldn’t be surprised if other manufacturers took the same approach as Sony.
Based on how you use your Android device, do you feel you may be vulnerable to a QuadRooter attack?
from Phandroid http://ift.tt/2aLHWTX