Categories

Samsung won’t patch some serious vulnerabilities in the Galaxy S4 kernel

There are certain research companies that are dedicated to looking for vulnerabilities in many devices and QuarksLAB has found with two bass in the kernel of some Samsung Galaxy S4.

The problem is not this, since vulnerabilities appear often in many devices, the problem is that Samsung has announced that only will patch mobiles with Android Lollipop or higher and it will leave behind the versions of Android with Jelly Bean or Android KitKat.

Samsung has covered the problem in a murky way

Explaining these vulnerabilities is a bit complex, but let’s leave it in that the first is capable of leaking information from memory or even breaking the ASLR kernel if it is enabled on the device and the second allows overwriting some data giving power to the intruder to control the device. Kernel vulnerabilities are the easiest starting point for the most dangerous attacks and that is a serious problem.

These serious vulnerabilities will be patched only on devices with Android versions 5.0 Lollipop or higherAs Samsung has taken up to 3 months to affirm that these errors were true and has only responded to the emails from QuarksLAB when this company made these reports public a few days ago (the errors had been discovered in November 2014).

Samsung wants money but not spend on development for old phones

It seems a bit strange to us that Samsung has evaded the problem and has not put to work on these serious vulnerabilities for almost a year that they have known about it. The company has tried cover all this topic but in the end he had to defend himself when the blog entry appeared and his image was a bit affected.

This reminds us that companies are not willing to spend so much on the development of their old products, that now the Android versions will be updated every month with all the serious vulnerabilities discovered and necessary security patches, it may be true but it will be something own for the newest and most acclaimed mobiles by the company, don’t expect them all to be updated. One of the companies that we should admire is Sony that will update some phones to Marhsmallow older than some NexusThat is the idea of ​​Sony, pamper those who buy its products and not create the need for its followers to renew the mobile every year if it is not necessary.