Microsoft fixes Windows security hole likely widely exploited by miscreants

September's Patch Tuesday is here and it brings, among other things, fixes from Microsoft for one security bug that miscreants have used to fully take over Windows systems along with details of a second vulnerability that, while not yet under attack, has already been publicly disclosed. In total, Redmond patched or addressed …

  1. Potemkine! Silver badge

    If MS could strengthen its infrastructure to avoid all those Windows update errors when everybody tries to install the results of Patch Tuesday, that would be great.

    I found a good way to deal with all these Adobe bugs: getting rid of Adobe products.

    == Bring us Dabbsy back! ==

    1. Anonymous Coward

      > I found a good way to deal with all these Adobe bugs: getting rid of Adobe products.

      That's why we switched to Affinity products. Cheaper too, but financially we won't see that benefit yet until designers are up to speed with the software.

  2. My other car WAS an IAV Stryker
    Headmaster

    El Reg's new style is no excuse for bad grammar:

    Snippet: "enabling them to fully _takeover_ the machine"

    Form: verb-subject-preposition-adverb-[verb]-article-object

    Except "takeover" (one word) is a noun; they should have used "take over" (two words) -- a "verb(al) phrase".

    Come on, you Vultures! Do I need to post the link to a sentence diagramming primer?

    1. David Nash Silver badge

      Right on cue, here is how it should be done:

      https://www.theregister.com/2022/09/14/twitter_mudge_senate/

  3. ThatOne Silver badge
    FAIL

    Preposterous

    > we'd suggest patching your Android device OS ASAP

    Seriously? As if users had any say in it!...

    You're entirely dependent on the phone's manufacturer who can choose if, when and what will be patched, all while trying to convince you to rather buy the latest model.

    The Android patching system is abysmal. Project Treble (2017...) had sparked some hope that the problem would eventually be fixed, but there are clearly vested interests in making sure your phone won't be upgraded too much, how else would they force you to buy a new one every couple years.

    1. AceGrace

      Re: Preposterous

      I was about to say this. For anyone that isn't running on the latest Android, you may as well give up waiting for patches.

      My phone is 2 years old and hasn't been patched for ages.

      I thought Google were going to change this?

      1. Alumoi Silver badge
        Joke

        Re: Preposterous

        Strange, my phone is more than 4 years old and it's up to date. Oh, wait, it's rooted and has LineageOS. But hey, it's still Android, right?

    2. Steve Davies 3 Silver badge
      Facepalm

      Re: how else would they force you to buy a new one every couple years.

      hold on a moment, isn't that how Apple does its business?

      1. omz13

        Re: how else would they force you to buy a new one every couple years.

        My iPhone won’t be getting updates now… after 6 years of solid use… which is not too bad. Some of us don’t need to upgrade every year or two.

      2. Anonymous Coward

        Re: how else would they force you to buy a new one every couple years.

        Interesting. I still have an iPhone SE first generation. From 2016. It's 2022. It was just updated to iOS 15.7 on Monday. The end is in sight: it won't be able to use iOS 16, but there is likely to be at least one more update to iOS 15. Six years is a hell of a lot more than the typical life of an Android device.

    3. Norman Nescio Silver badge

      Re: Preposterous

      > we'd suggest patching your Android device OS ASAP

      > Seriously? As if users had any say in it!...
      >
      > You're entirely dependent on the phone's manufacturer who can choose if, when and what will be patched, all while trying to convince you to rather buy the latest model.
      >
      > The Android patching system is abysmal. Project Treble (2017...) had sparked some hope that the problem would eventually be fixed, but there are clearly vested interests in making sure your phone won't be upgraded too much, how else would they force you to buy a new one every couple years.

      A thousand times yes. I have a seven-year-old 'landfill tablet', running Android Lollipop, abandoned by the manufacturer and retailer. No chance of an upgrade, and no postmarket OS of any type available (locked bootloader). It still happily surfs, and Google still tell me I need to 'upgrade' my account by telling them my 'phone number. I too had hopes that Project Treble might improve things.

      As it is, I still want to get my hands on a PineTab.

      1. J. Cook Silver badge

        Re: Preposterous

        Yup.

        I had a similar experience both with an off-brand Android tablet and a Samsung Note 8.

        I was able to get a different firmware (LineageOS) on both, but the off-brand tablet ran slower than molasses on a cold winter's day, and a bunch of stuff on the Note 8 didn't work, because Samsung decided (in their infinite wisdom) to not contribute drivers for things like the audio subsystem to the overall ecosystem. (We'll ignore the pen input for the moment, but it was also not present.)

        Samsung has a track record of providing 18 months' worth of updates to their devices, period. After that, even if it's a security issue that ranks a 12 on the CVSS scale*, you are SOL by and large, and your only real choice is to get a different device, even if the hardware is still functional.

        Shame really, the Note 8 was pretty decent hardware and the pen input was very useful for doodling with.

  4. Paul Hovnanian Silver badge

    Miscreants

    Fortunately, they left it wide open for us reprobates. So I can still log on if I forget my password.

  5. Anonymous Coward

    >here's a wish-list item for Redmond: how about giving organizations a little more detail about the bugs and how to mitigate them?

    >how to mitigate them?

    I haven't read the Patch Tuesday release notes, but I'm fairly certain that they will state that installing the latest patches is the mitigation.
