The news comes from Israeli security firm Check Point in a new report. The security firm says hackers could use the flaw to read your text messages, listen to your phone conversations and in some cases even unlock your SIM card. Qualcomm told Tom's Guide that it has released a fix for the flaw to handset makers, but it may still be some time before many handset makers push the fix out to most users' phones.
This highlights the issue again around the need for more regular and uniform security patching and updating across the different Android brands, and especially for it to be happing over a few years as this vulnerability dates back to phones from 1990. I was attracted to Android originally because of the freedoms of choice that manufacturers could offer, then I moved to Pixel phones because I was worried about not getting patches quickly enough, and then I ditched Android for iOS mainly because patches and updates roll out quickly for 7+ years.
So this is a problem of the ecosystem in that both Qualcomm and Google have done their bit, but now users are at the mercy of OEMs to roll out the patches. Most will do it for new phones (as will LineageOS and other custom ROMs), but anyone with 3 or 5 year phones is not likely to see any patches coming through at all. That is not good!
See
Serious Android flaw threatens hundreds of millions of users — what to do#
technology #
security #
android #
softwareupdatesModem flaw could be used to steal data, hide malware