1. 7

    In think it’s clear at this point that anyone who takes mobile security seriously has to be using an Apple device. Samsung didn’t even respond to OPs outreach.

    1. 2

      CopperheadOS is pretty good about mobile security. Unfortunately they don’t have an update for this vulnerability quite yet, but it’s because the base AOSP project is being slow for some reason. There’s a thread about it here.

      Fortunately, kernels built with -fstack-protector-strong (as the Copperhead kernel is) will kernel panic instead of allowing the exploit to succeed. So Copperhead is fairly protected even without the update.

      Edit: I have the update now.

      1. 2

        For those who don’t know why @vosper makes this claim:

        All iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected by the remote code execution vulnerability. This vulnerability was already mitigated by Apple in iOS 10, so no new patch is needed to mitigate it. We recommend you upgrade to the latest iOS or tvOS available.

        1. 1

          Well, Android is a surveillance platform, isn’t it? Just one more tool in the toolbox. ;) I wonder what Blackphone’s and Cryptophone’s response is on these kinds of things. If they’re not doing better, then Apple it is for safer mobile.

          1. 2

            As for the Blackphone 2, we receive every month an OTA update including the fixes from google. Just received the september update so I am patched.

            1. 1

              So, that’s up to 30 day wait. Anyone know what Apple’s average is?