Samsung Decides Not To Patch Kernel Vulnerabilities In Some S4 Smartphones

An anonymous reader writes: QuarksLAB, a security research company, has stumbled upon two kernel vulnerabilities for Samsung Galaxy S4 devices, which Samsung has decided to patch only for recent devices running Android Lollipop, but not Jelly Bean or KitKat. The two vulnerabilities (kernel memory disclosure and kernel memory corruption) were discovered in February 2014 and reported to Samsung in August 2014, affecting the samsung_extdisp driver of Samsung S4 (GT-I9500) devices. Bugs break ASLR and lead to denial of service (DoS) state or even elevating attacker privileges.

Re:The new normal for Android

[AK+Marc]

Android is safer if you root it and abandon the official versions. TouchWiz isn't that good anyway. Every other maker's UI is better than TouchWiz. My S3 was abandoned on an old version of Android, but I'd have to go boot it to see what. So Samsung has a habit of abandoning older generations. And iOS isn't any better, with less than 1 year support for my 3G, about the same as I got on my S3.

Android has the slight edge, because I can root it and go with a generic, or use a maker like Oppo with weekly OS updates, if you want to update that often.

Re:What kind of dumbass company...

[TheRaven64]

Mobile phone vendors make their money selling new phones. You want a new Android, get a new phone.

Sure, but the new phone I get will be from a vendor that I can trust to support it for its lifetime. I may upgrade my phone after 2-3 years, but I'll probably hand the old one off to someone else or use it as a spare. If the phone becomes useless after 1 year, then I'll factor that in when I calculate the value of the phone - if I can amortise the cost over 4 years rather than 2, then the cost of the phone is not as good.

Your contract will be up in 2 years

What kind of idiot signs a 2-year phone contract in 2015?

Re: The new normal for Android

[drinkypoo]

Great if CM support your phone. I've got a Note 2 and there's been no new milestone for a year. In any case isn't this a bug in the Samsung drivers so I'm not sure how CM would be able to fix this one.

Forget CM, go to XDA and look for other ROMs for your phone. Based on a quick glance over the appropriate forum, I suggest Resurrection Remix. Yeah, the names of these things are ridiculous. I'm running something called "KatKiss" on my Asus Transformer Prime. You can have it with a choice of three kernels, two without fsync (internal flash is abysmally slow) and one with. I am using the one with because data is more important to me than a couple more frames per second.