Slashdot Mirror


Samsung Decides Not To Patch Kernel Vulnerabilities In Some S4 Smartphones

An anonymous reader writes: QuarksLAB, a security research company, has stumbled upon two kernel vulnerabilities in Samsung Galaxy S4 devices, which Samsung has decided to patch only for recent devices running Android Lollipop, but not Jelly Bean or KitKat. The two vulnerabilities (kernel memory disclosure and kernel memory corruption) were discovered in February 2014 and reported to Samsung in August 2014, affecting the samsung_extdisp driver of Samsung S4 (GT-I9500) devices. The bugs break ASLR and lead to a denial-of-service (DoS) state or even to elevation of attacker privileges.

2 of 144 comments

  1. The new normal for Android by Anonymous Coward · Score: 3, Informative

    The number of exploits is increasing exponentially but the vendors are scaling back security patches across the board.

    MBAs FTW.

  2. Article is FUD by the Hewster · Score: 3, Informative

    This article makes no sense. It says the vulnerability affects the Galaxy S4 but only if you are running outdated firmware (like KitKat). However, there is an official (pushed OTA) update to Jelly Bean on this device, so all you have to do to not be vulnerable is apply the update! Same as usual: if you want to avoid vulnerabilities, update your stuff regularly.