Stagefright 2.0

Stagefright 2.0

Stagefright 2.0

SOLVED
Cawtau
Senior MVP

Stagefright 2.0

Hello,

 

  Firstly, I am aware of this thread.

 

  Is there an updated software upgrade schedule that fixes Stagefright 2.0 aka CVE-2015-6602? The previous upgrade did fix Stagefright, but the 2.0 version seems to be outstanding. 

 

Screenshot_2015-11-09-11-06-33.png

 

 

  I have checked and so far there are no new updates for my phone (Samsung Galaxy S5; Lollipop 5.1.1)

 

Cheers


Accepted Solution

Re: Stagefright 2.0

Solved by Community Manager

Hey Cawtau!

 

So, the GS5 software doesn't have CVE-2015-6602. It's likely that the next OS update will include a security patch for this.

 

I'll let you know if I hear anything else Smiley

 

Hope this helps.

View solution in context
11 REPLIES 11
FidoStephen
Community Manager

Hey Cawtau!

 

Based on our records, the update for the Galaxy S5 full Stagefright fix (Stage 1 & 2) began rolling our on October 8th. 

 

Could you let me know which build number/version your phone shows?

 

Thanks!



Hello FidoStephen,

 

Screenshot_2015-11-10-15-29-03.png

 

Cheers


Thanks! That is the build number associated to the Stagefright fix (Stage 1 & 2).

 

Since October 8, your phone hasn't prompted you to install an OTA update?



  I manually checked for an update this morning before I posted, and I just checked again. It says: 'The latest updates have already been installed'

 

  I also just re-checked the vulnerabilities using the VTS app and it still says the cve-2015-6602 is vulnerable.

 

Cheers


I'll need to get back to you on this one, Cawtau. Thanks for pointing this out!



Hey Cawtau,

 

I haven't forgotten about you; just waiting to receive some additional info. I'll let you know as soon as I do.



No worries, that thought never crossed my mind Wink

 

Cheers


Hello,

 

  The VTS for Android app recently updated. While it still shows cve-2015-6602 as vulnerable, it does provide some additional information.

Screenshot_2015-11-16-13-59-05.jpg

Screenshot_2015-11-16-14-39-07.jpg

 

 

  Apparently, it is fixed in 5.1.1_r9/LMY48K. I'm not that familiar with the different builds. I assume they are labelled in a chronological/alphanumeric way. That is, the LMY48K is a newer build than my current LMY47X. Does this information help at all?

 

Cheers


Thanks for the update Cawtau! Still waiting for information on this... Shouldn't be too much longer Smiley



Hey Cawtau!

 

So, the GS5 software doesn't have CVE-2015-6602. It's likely that the next OS update will include a security patch for this.

 

I'll let you know if I hear anything else Smiley

 

Hope this helps.




@FidoStephen wrote:

Hey Cawtau!

 

So, the GS5 software doesn't have CVE-2015-6602. It's likely that the next OS update will include a security patch for this.

 

I'll let you know if I hear anything else Smiley

 

Hope this helps.


 

  Okay thanks FidoStephen! I just find it strange that the VTS app still flagged it as vulnerable...

 

Cheers