The vulnerabilities, which are similar in severity to the Stagefright family of bugs disclosed last year, have been fixed in updates Google began distributing Tuesday. A large percentage of Android phones, however, aren't eligible to receive the fixes. Even those that do qualify don't receive them immediately (the September updates are currently not available as over-the-air downloads for either of the Nexus 5X devices in my household). That gives attackers crude blueprints for exploiting vulnerabilities that remain unpatched on millions of devices.
Quote:
"The provided exploit performs this on several recent Android versions for the Nexus 5x and is both reliable and fast in my testing," he wrote in a blog post published Wednesday. "It would also be possible to make the exploit faster by directly generating the exploit files in javascript, reducing the unnecessary network round-trips [spent] retrieving identical mp4 files."
This. A 2 year old android phone is so much more outdated (especially in terms of security) than an iPhone
A 5-year-old iPhone 4S is more up to date and secure than most Android phones. The 5 is even getting iOS 10, and could get 11 as well considering the 4S stayed an extra version and 10 runs well on it.
