[Swordmaker]

The patch for the StageFright exploit released last week doesn't work in all cases and hackers can go ahead and breech Android anyway! Plus a new flaw in Android allows apps to break through the sandboxing. . . and steal data and passwords from other apps. Information in the Ars Technica article. — Swordmaker

[Swordmaker]

Two more security hits on Android . . . the patch released by Google for StageFright last week, which they are still pushing out, doesn't fix the problem, and a new vulnerability that breaks the Android sandbox that allows apps to steal data and passwords revealed today. Info from Ars Technica. — PING!

Ping to dayglored and Shadow Ace for your lists. . .

Android Security
Ping!

If you want on or off the Mac Ping List, Freepmail me.

[Scrambler Bob]

M4L Android

[ShadowAce]

[dila813]

http://www.theverge.com/2015/8/5/9099627/google-stagefright-android-vulnerability-protect-patch

Stagefright has had trouble getting around Android’s Address Space Layout Randomization protections (commonly known as ASLR). The bug can still be used to trigger unauthorized code — a troubling result under any circumstances — but ASLR system has made it difficult to reliably run any specific piece of code across a range of devices, a difficulty acknowledged by Drake himself.

from Twitter:
Hey guys! Instead of redoing/reproducing my work, why don’t you see if you can bypass ASLR via Stagefright!
— Joshua J. Drake (@jduck) August 3, 2015

Not as easy an exploit on the Android to execute, Ars Technica has lots of hype.

Huge PR hit for Android, and it is speeding up security updates to phones from months to weeks.

[ibheath]

If you do start an Android Ping list, please add me to it.