Hacker News

Here's the security bulletin for January: https://source.android.com/docs/security/bulletin/2023-01-01

How do I determine which, if any, of these is fixed via the Play store update mechanism?



The bulletin specifies only CVE-2023-20912 as being fixed by Play Store. https://source.android.com/docs/security/bulletin/2023-01-01...


I'm puzzled ... I can understand why the BLE drivers would still require a firmware update (and that is fine since drivers for older hardware shouldn't be much of a problem), but why wouldn't all of the Framework vulnerabilities be handled via Play Store updates? I believe that all of the Framework is updatable in this way. Perhaps it's because that is not true of Android 10 so they need to address it in a firmware update anyway?


Wow. So "the majority of security issues are patched immediately and silently through the play store" seems catastrophically incorrect.


Well, yes, I have to agree. See the other comment I just posted. My understanding is that they are at the point (at least now with Android 13, which is what the Nokia will presumably ship with) that they can update most of userland (and even graphics drivers though that requires vendor participation), so they should be able to address Framework vulnerabilities, which is the critical discrepancy here.



