Patching software vulnerabilities is often a tricky business. Just consider what Engadget reported today about a patch Google just issued for the Stagefright vulnerability in a number of Android devices. Exodus Intelligence researchers reported that the patch didn’t actually fix the vulnerability, and they were still able to trigger it. As a result, Google has begun working on a patch for the patch.
If you’re wondering whether your Android device is vulnerable to Stagefright, there is an app you can use to check it out. The Stagefright Detector app from Zimperium, the firm that discovered the vulnerability, can check your device to find out if it is susceptible. (Note that there are at least three different “Stagefright Detector” apps in the store—you want the one made by Zimperium, not anyone else’s.)
And if your device is a phone…well, good luck. Your patch will need to come by way of your cellular carrier, and if they’re anything like mine they’ll need to put it through plenty of testing first. And if it’s an older phone…well, who knows if it will ever be patched?