What version of libwebp does Boost use and if it is currently vulnerable, when can we expect an update to fix this issue? The affected versions of libwebp are 0.5.0 to 1.3.1.

  • Prizephitah
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    So there is no central framework for pushing fixes to urgent fixes? Patching zero-days?

    • seaQueue@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Welcome to the wonderful world of Android. They’re rolled into the monthly AOSP security patch and end users are at the mercy of the OEM’s update schedule.

      This is why Pixel phone regular updates are a big deal, and a reason to run a regularly updated third party ROM like LineageOS.

      • Flyswat@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        This is why Pixel phone regular updates are a big deal, and a reason to run a regularly updated third party ROM like LineageOS.

        This is the very reason why I use LineageOS (as well as getting rid of bloatware).

      • Prizephitah
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        As a person that’s been rolled into smartphones via work (iPhone 3Gs) and then never daily driven an Android, but always thought it might be more to my liking, I’m aghast. How can this be accepted? I now understand why large botnets often is comprised of Android devices.

        • seaQueue@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          Zero days aren’t the big driver of botnets, there are millions (if not hundreds of millions) of very cheap, very old, android devices out there. If you look at the periodic stats Google releases >50% of devices are running an Android version <= 10. Something like 20% of Android devices (at least according to the stats Google provides) running Android <= 5.

          Per earlier this year: https://m.gsmarena.com/android_13_is_now_running_on_12_of_devices_in_the_wild-news-58244.php

          I’m assuming these stats don’t even cover a huge number of cheap Indian or Chinese devices too, those don’t come with Google services at all.