Slashdot Mirror


Android Stagefright Bug Required 115 Patches, Millions Still At Risk (eweek.com)

eWeek reports that "hundreds of millions of users remain at risk" one year after Joshua Drake discovered the Stagefright Android flaw. Slashdot reader darthcamaro writes: A year ago, on July 27, 2015, news about the Android Stagefright flaw was first revealed, with the initial reports claiming widespread impact with a billion users at risk. As it turns out, the impact of Stagefright has been more pervasive...over the last 12 months, Google has patched no less than 115 flaws in Stagefright and related Android media libraries. Joshua Drake, the researcher who first discovered the Stagefright flaw, never expected it to go this far. "I expected shoring up the larger problem to take an extended and large effort, but I didn't expect it to be ongoing a year later."
Drake believes targeted attacks use Stagefright vulnerabilities on unpatched systems, but adds that Android's bug bounty program appears to be working, paying out $550,000 in its first year.

3 of 50 comments

  1. And yet... by Anonymous Coward · Score: 3, Informative

    ...My Galaxy S4 has received NONE of these updates.

    Thanks, Sprint!

    1. Re:And yet... by jrumney · Score: 2, Informative
      The 115 is an alarmist figure. I've looked through some of the patches, and it seems what happened was:
      1. Quick patch to MMS to mitigate the attack vector that was publicized
      2. Quick patch to Stagefright library to avoid the vulnerability
      3. Many patches to Stagefright to redesign the handling of media files completely
      4. More quick patches to various components as more vectors to the original Stagefright exploit were found

      So only a handful of the patches are needed to avoid the exploits. The rest are general cleanup and redesign in response to the problems triggering a rethink about how to handle media from unknown sources.
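The complaint above ("my Galaxy S4 has received NONE of these updates") raises the practical question of how to tell whether a given device has taken any of the monthly fixes. The following is an added example written for this page, not code from the article, from Google, or from any commenter. It classifies the `ro.build.version.security_patch` property that Android 6.0 and later report through `getprop` (a `YYYY-MM-DD` date; builds older than 6.0 do not expose it at all). The `getprop` lines and the cut-off date of 2016-07-01 are constructed for the example and are assumptions; the real call would be `adb shell getprop`.

```shell
#!/bin/sh
# Added example (not from the article or the comments): classify the Android
# security patch level reported by `getprop`. Android 6.0+ exposes
# ro.build.version.security_patch as YYYY-MM-DD; older builds (a Galaxy S4 on
# 5.x, say) have no such property, so the answer there is "unknown", not "ok".

# Constructed `getprop` output lines used as sample input for this example.
SAMPLE_PATCHED='[ro.build.version.security_patch]: [2016-07-05]'
SAMPLE_STALE='[ro.build.version.security_patch]: [2015-10-01]'
SAMPLE_MISSING='[ro.build.version.release]: [5.0.1]'

# patch_level GETPROP_DUMP
# Prints the patch-level date found in a getprop dump, or nothing if absent.
patch_level() {
    printf '%s\n' "$1" |
        sed -n 's/^\[ro\.build\.version\.security_patch\]: \[\(.*\)\]$/\1/p'
}

# classify_patch_level GETPROP_DUMP MIN_DATE
# Prints "current" if the reported level is at or after MIN_DATE (YYYY-MM-DD),
# "stale" if it is earlier, and "unknown" if the property is absent.
# The dates are compared numerically after stripping the dashes, which is
# POSIX-safe and equivalent to comparing the ISO dates.
classify_patch_level() {
    level=$(patch_level "$1")
    if [ -z "$level" ]; then
        echo unknown
        return 0
    fi
    have=$(printf '%s' "$level" | tr -d -)
    want=$(printf '%s' "$2" | tr -d -)
    if [ "$have" -lt "$want" ]; then
        echo stale
    else
        echo current
    fi
}

# Stand-alone demo on the constructed samples. Against a real device you would
# run: classify_patch_level "$(adb shell getprop)" 2016-07-01
for dump in "$SAMPLE_PATCHED" "$SAMPLE_STALE" "$SAMPLE_MISSING"; do
    printf '%s -> %s\n' "$dump" "$(classify_patch_level "$dump" 2016-07-01)"
done
```

Note what the check does and does not prove: the patch level is a string the OEM stamps into the build, so "current" means the vendor claims to have shipped the fixes from the monthly bulletins up to that date, not that every one of the 115 Stagefright-related patches is present in that particular firmware.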

  2. Strangely, cheaper = more secure in this case by Ecuador · Score: 2, Informative

    It is very strange that while the Samsung phones that my wife and I used to have were not updated much (especially the non-flagship devices), from the moment I tried the cheap Chinese Xiaomi, I've been enjoying continuous updates to all devices, from flagship to budget (and this, along with other reasons, is why I am sticking with Xiaomi for the time being). E.g. your phone will be running Android 6.0.1 whether you have the latest flagship (Mi 5), or the previous flagship (Mi 4), or the flagship before that (Mi 3 from 2013), or their cheapest device from 2 years ago (Redmi 1S), etc. And all these cost 1/2 to 1/3 the price of the equivalent Samsung/LG etc.
    So, in this case buying "cheap Chinese" means you are the most protected from such issues. Yes, I know Xiaomi does not sell to most countries; I had to order it from a Chinese e-tailer who had an EU warehouse. And if you order from a Chinese e-tailer, whatever brand the phone is, it is almost guaranteed to be full of adware and spyware, so your first move would be a clean install. Which is surprisingly easy on a Xiaomi; in fact you don't even have to use a PC - you can just go to the Xiaomi website to download the latest version, rename the file per the instructions, reboot in recovery mode and clean-install it! They even have dual boot - keeping a clean OS in case you screw up your regular installation.
    Sorry for the "ad", but I can't believe I have paid up to $600 in the past (or more if we include phones my company has provided me like the iPhone 6 Plus), when a $200-$250 phone has proved better IMHO in both hardware and software...

    --
    Violence is the last refuge of the incompetent. Polar Scope Align for iOS