Jolla is affected by QuadRooter
asked 2016-08-08 16:40:22 +0200
http://blog.checkpoint.com/2016/08/07/quadrooter/ https://play.google.com/store/apps/details?id=com.checkpoint.quadrooter Good time to upgrade Jolla's android.
3
Yes, that will provide pretty good shield from most attacks.
It is of course fairly easy to implement these attacks (or pretty much anything really) as native SFOS application but a good bet is that the target population is so small it is not really worthwhile. I'd be wary anyway of any binaries not installed from the Jolla Harbour, however... :)
Best practice is to only ever install packages you have yourself built from sources that you have at least cursorely eyeballed.
juiceme ( 2016-08-10 08:26:24 +0200 )edit7
1
I was curious about this as well. I used the search but only found this request to update the Qualcomm drivers: https://together.jolla.com/question/132122/upgrade-qualcomm-drivers-to-more-recent-level/ No real answer is given yet though.
Jozz ( 2016-08-08 17:14:00 +0200 )editI am seriously disappointed at how Jolla fails completely to provide timely security updates. It seems like there is no infrastructure at all for quicker updates than the quarterly version updates (which are often late, too).
Federico ( 2016-08-08 17:20:50 +0200 )editBlame Qualcomm, not Jolla.
ced117 ( 2016-08-08 17:54:03 +0200 )edit@ced117 I don't expect Qualcomm to provide bug-free software, but I do expect Jolla to release security fixes when a vulnerability comes up. It's not the only one; there is another thread mentioning several glibc vulnerabilities that have been there for months when a simple fix is available upstream. I can't blame Qualcomm for those.
Federico ( 2016-08-08 18:35:17 +0200 )edit@Federico About the glibc vulnerabilities, you might be right, Jolla is "in fault" here.
But again, Jolla cant release security fixes for something that they cant fix themselves. (Access to the source code of binary blobs, blablabla...)
ced117 ( 2016-08-08 19:47:33 +0200 )edit