Lies and Security Patches

Discussion in 'Alternatives to iOS and iOS Devices' started by Michael Goff, Apr 12, 2018.

  1. Michael Goff macrumors G5

    Michael Goff

    Joined:
    Jul 5, 2012
    #1
    https://m.androidcentral.com/numerous-android-oems-discovered-be-lying-about-security-patches

    Wow. I really don’t know what else to say other than wow.
     
  2. jamezr macrumors G4

    jamezr

    Joined:
    Aug 7, 2011
    Location:
    US
    #2
    I have said this many times before about patches and what they are supposedly patching.
    How do you know what they are patching is actually a known exploit/security threat?
    If Google or Apple sends out an security patch how do you know its validity?

    If a company says they are up to date on security patches and threats....how do we know?
    How do we know they are not skipping some security exploits?
     
  3. Michael Goff thread starter macrumors G5

    Michael Goff

    Joined:
    Jul 5, 2012
    #3
    I wouldn’t drag Google and Apple into this, they’re doing good. It’s cheap OEMs that are messing up.
     
  4. jamezr macrumors G4

    jamezr

    Joined:
    Aug 7, 2011
    Location:
    US
    #4
    How do you know? I agree that some of the low cost OEMs will skip steps in security patching.

    But we shouldn't just blindly take others word for things....
     
  5. Michael Goff thread starter macrumors G5

    Michael Goff

    Joined:
    Jul 5, 2012
    #5
    Because they both state everything they patch and are easily tested. And if you think people wouldn’t be leaping at the chance to call out Apple and Google, you live in a much better world than I do.
     
  6. GrumpyMom macrumors 604

    GrumpyMom

    Joined:
    Sep 11, 2014
    #6
    Missing some patches, did you say? Pookie says this is an outrage.

    Thanks for the heads up.

    041362B2-13D4-468A-A502-5F32B12ABAB7.jpeg
    (No, not my cat. I have one that looks like that but minus the orange).
     
  7. jamezr, Apr 12, 2018
    Last edited: Apr 12, 2018

    jamezr macrumors G4

    jamezr

    Joined:
    Aug 7, 2011
    Location:
    US
    #7
    I think you are giving them too much benefit of doubt.
    Did you think Facebook wasn't selling your information to whomever came calling?
    Do you think they have your best interest at heart too?

    Not all security exploits are published to the masses. Companies only patch for published exploits.

    Some exploits are sent to these companies to get bounties and then they are paid and sign an NDA. Then it is up to the company as to whether they patch it or not....or whether they publish the exploit


    Edit:
    Here is one on the Mac side
    15-year-old Unpatched Root Access Bug found in Apple’s macOS
    https://www.hackread.com/15-year-old-root-access-bug-in-apple-macos/
     
  8. Michael Goff thread starter macrumors G5

    Michael Goff

    Joined:
    Jul 5, 2012
    #8
    That’s not even what this topic is about. The article in question says they’re saying they’re patching things and not actually patching them. :|
    --- Post Merged, Apr 12, 2018 ---
    Cats make my day 100000x better.
     
  9. jamezr macrumors G4

    jamezr

    Joined:
    Aug 7, 2011
    Location:
    US
    #9
    agreed...they are lying. But what are they lying about? Patches that are known and published...what about exploits they know about but aren't patching or publishing.
    We are only taking their word for it that they are up to date on the security patches they release. We really don't if there are more they don't patch for.
     
  10. Michael Goff thread starter macrumors G5

    Michael Goff

    Joined:
    Jul 5, 2012
    #10
    No, we know there are a thousand thousand problems in every OS that isn’t patched. And no, I didn’t accidentally put the word thousand twice, I meant to.
     
  11. givemeanapple macrumors Demi-God

    givemeanapple

    Joined:
    Oct 2, 2016
    Location:
    Earth
    #11
    Because Apple actually releases the security corrections on their patch notes website. I’m not sure if Samsung does the same but they should if they don’t.
     
  12. nviz22 macrumors 601

    nviz22

    Joined:
    Jun 24, 2013
    #12
    Could someone successfully sue manufacturers in the US and win? Maybe this could compel Congress to create a law requiring 2 years of software updates and 2 year warranties with each new phone.
     
  13. jamezr macrumors G4

    jamezr

    Joined:
    Aug 7, 2011
    Location:
    US
    #13
    They release notes for security patches that they are patching. What about known exploits or security patches they are not telling you about? What if there are more than they are publishing? Are you just taking their word for it? If so then that is your choice to make.
     
  14. nviz22 macrumors 601

    nviz22

    Joined:
    Jun 24, 2013
    #14
    Not saying Apple and Google are saints, but if you care more about software, go towards those devices. The Essential Phone, Nokia, and OnePlus are others that update phones more frequently than Samsung too.
     
  15. givemeanapple macrumors Demi-God

    givemeanapple

    Joined:
    Oct 2, 2016
    Location:
    Earth
    #15
    I can’t possibly know about known exploits that they might not be telling us.
     
  16. Michael Goff thread starter macrumors G5

    Michael Goff

    Joined:
    Jul 5, 2012
    #16
    It really sounds like you’re trying to obscure the issue here.
     
  17. LIVEFRMNYC macrumors 604

    Joined:
    Oct 27, 2009
    #17
    Exactly, none of us are security experts in the loop about known exploits. Which is why it's mind-boggling why some users are so demanding to have the most recent security update. Some users treat updates like a false security blanket. Not saying security updates don't take care of exploits, but it's the most obvious and hyped up exploits that get patched. I'm pretty sure there are many exploits in existence for some time now that are not getting the attention to be patched.
     
  18. givemeanapple macrumors Demi-God

    givemeanapple

    Joined:
    Oct 2, 2016
    Location:
    Earth
    #18
    I highly doubt any company can patch undiscovered exploits, of course they will always exist but in order for a company to fix them, they first need to be found by some 3rd party. No code is perfect.
     
  19. LIVEFRMNYC macrumors 604

    Joined:
    Oct 27, 2009
    #19
    Myself and jamezr are not speaking about undiscovered.
     
  20. Michael Goff thread starter macrumors G5

    Michael Goff

    Joined:
    Jul 5, 2012
    #20
    Why is it mind boggling for customers to want their product to be taken care of? We wouldn’t be okay with this on PC land, why are we coming up with excuses just because it’s mobile?

    I don’t understand this. It’s not a good idea to come up with these excuses. We should be holding companies accountable.
     
  21. givemeanapple macrumors Demi-God

    givemeanapple

    Joined:
    Oct 2, 2016
    Location:
    Earth
    #21
    Then what are you talking about? You can’t know exploits if they aren’t discovered even if you coded the whole OS yourself.
     
  22. Michael Goff thread starter macrumors G5

    Michael Goff

    Joined:
    Jul 5, 2012
    #22
    They’re trying to pull attention from the actual issue. It’s a type of cheerleading.
     
  23. LIVEFRMNYC macrumors 604

    Joined:
    Oct 27, 2009
    #23
    Excuses for what? I myself have not gave any of these manufacturers a pass. But I'm challenging the mentally of many users having damn near temper tantrums for not having the latest security update, especially since they know next to nothing about the exploits.

    And no, us PC users don't have a security patch obsession. Many like myself even do the temporary update opt out, or edit services to update manual only.

    There are many KNOWN/DISCOVERED exploits of operating systems, apps, and hardware that haven't been patched for whatever given reason.


    There isn't much to talk about. Some manufacturers lied about security patches, big whoop. Should it be corrected? YES!!! Are Android users under an imminent security threat, NO!!!! Now if that's cheerleading, then so be it. Don't know what type of insane panic you were expecting. :cool:
     
  24. Michael Goff thread starter macrumors G5

    Michael Goff

    Joined:
    Jul 5, 2012
    #24
    Insane panic is how you refer to it as. I refer to it as holding companies accountable for providing actual service. And you’re trying to downplay complaints about bad service. It’s not bitching, it’s not insane panic, it’s not throwing temper tantrums.

    It’s everyone having a small computer with their bank account information, credit cards, and every other piece of information on it. And it’s about wanting that to be as secure as humanly possible. Google is even doing the work for these companies.

    Everyone complains about the prices of Pixels and iPhones by as it turns out you’re paying for that cheaper phone through not being actually secure. And yes, a several month old patch phone is less secure than a Pixel on the current month.
     
  25. LIVEFRMNYC macrumors 604

    Joined:
    Oct 27, 2009
    #25
    1) I already stated I'm not giving companies a pass. There is nothing to downplay, they got caught lying about security patches. Since this is now out in the open, manufacturers that continue to do such will lose out on sales and reputation.

    2) The high majority of personal info is got through phishing and exploits on company's sever setups.

    3) Security is not even in the top 5 factors of pricing.
     

Share This Page