FORUMS

Top Forum Discussions

[ROM] [DISCUSSION] Official CyanogenMod 11 Nightlies [4.4.4] [GT-I9100]

725 posts
Thanks Meter: 1,193
 
By koolkunz, Senior Member on 3rd February 2014, 10:47 AM
Post Reply Subscribe to Thread Email Thread
25th August 2015, 10:56 AM |#3491  
Junior Member
Thanks Meter: 3
 
More
Quote:
Originally Posted by Lanchon

so really, why not just disable the MMS APN and be done with it? anybody uses MMS at all these days? i mean it's just a big unnecessary obsolete attack surface that is there because the operators are greedy and shortsighted and like to think we are too.

im using a may 4th build in my phone. and cm11. really, is there any urgency here?

Hi Lanchon,

The main problem is that MMS is just 1 of the many ways to exploit Stagefright. It can be exploited through Whatsapp/Telegram/Email and Web as well. Except it would probably require some user interaction as oposed to MMS. But still pretty serious.
The Following 2 Users Say Thank You to erikk1 For This Useful Post: [ View ]
 
 
25th August 2015, 05:25 PM |#3492  
Senior Member
Thanks Meter: 1,886
 
More
Quote:
Originally Posted by noppy22

The problem is, the alternative to MMS is using whatsapp or something similar which requires everyone to be using the same app(AFAIK). Where I live(Australia) we are somewhat backward and these apps are not in common enough use to be practical. I would love it if everyone I knew dumped MMS for something more practical/cheaper/smarter, but so far it hasn't happened. And most people I know just give me a glazed look when I try to explain the stagefright vulnerabilities.
That said, I'm sure if stagefright was such a big issue then it would be everywhere....

i didn't know anybody still used MMS. i went from SMS straight to IP. anywgay, i guess this calls for a build then. but there was a new vuln about to be published these days, wasn't it?

---------- Post added at 01:25 PM ---------- Previous post was at 01:24 PM ----------

Quote:
Originally Posted by erikk1

Hi Lanchon,

The main problem is that MMS is just 1 of the many ways to exploit Stagefright. It can be exploited through Whatsapp/Telegram/Email and Web as well. Except it would probably require some user interaction as oposed to MMS. But still pretty serious.

i'd like to believe that all important apps from the market like hangouts, whatsapp, gmail, have fixed this internally.
The Following 3 Users Say Thank You to Lanchon For This Useful Post: [ View ]
25th August 2015, 05:33 PM |#3493  
Junior Member
Thanks Meter: 3
 
More
Quote:
Originally Posted by Lanchon

i'd like to believe that all important apps from the market like hangouts, whatsapp, gmail, have fixed this internally.

Not sure they reliably can without blocking video entirely.
The Following User Says Thank You to erikk1 For This Useful Post: [ View ]
25th August 2015, 06:02 PM |#3494  
Acid0057's Avatar
Senior Member
Flag Hanover, Ontario
Thanks Meter: 213
 
More
Quote:
Originally Posted by Lanchon

i didn't know anybody still used MMS. i went from SMS straight to IP. anywgay, i guess this calls for a build then. but there was a new vuln about to be published these days, wasn't it?

---------- Post added at 01:25 PM ---------- Previous post was at 01:24 PM ----------



i'd like to believe that all important apps from the market like hangouts, whatsapp, gmail, have fixed this internally.

Quote:
Originally Posted by erikk1

Not sure they reliably can without blocking video entirely.

They can't fix it internally in the app. Has to be fixed at the system level. Yes there was a new vunerablity but the patch has already been merged into the base cm11 and cm12.1. Should be as simple as Syncing your repo and building again lanchon. Also not sure if these changes warrant a new build of your cm 11 trim kernel too.

Sent from my GT-I9100 flowing on SwiftKey in Tapatalk
The Following 2 Users Say Thank You to Acid0057 For This Useful Post: [ View ]
Post Reply Subscribe to Thread

Tags
cyanogenmod 11, discussion, nightlies, offical
Previous Thread Next Thread
Thread Tools
Display Modes