Ask / Submit

Is Alien Dalvik affected by the Android vulnerabilities? [answered]

asked 2018-12-05 11:53:44 +0300

dominican gravatar image

updated 2018-12-05 19:27:23 +0300

I am newbie using sailfish, i am using some android apps like whatsapp and opera and I installed drweb security space to monitor the android apps, but it shows that Alien Dalvik have 5 vulnerabilities:

-ObjectInputStream Serialization (CVE-2014-7911) -Stagefright -OpenSSLX509Certificate (CVE-2015-3825) -Blueborne -Toast Overlay (CVE-2017-0752)

I would like to know you if those Alien Dalvik's Vulnerabilties affects me seriously? and if there is a plan to patch it?

edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by dominican
close date 2018-12-22 18:17:47.774103

1 Answer

Sort by » oldest newest most voted

answered 2018-12-05 13:10:25 +0300

Sakke gravatar image

It's highly possible that these vulnerabilities can be exploited on Alien dalvik in some way but I'd take no big concern about this. It's rather the thing that some of those exploits can't even work on Sailfish since Android layer and Sailfish don't come along with all the functions and other stuff that are necessary to the vulnerabilities. For example Stagefright which is, as far as I've understood, about exploiting through MMS messages etc which Android layer isn't even capable on Sailfish OS

How about fixing these? I'm not so sure about the fixing process. We've discussed about the subject every now and then on here Jolla Together. I've understood that patching in some level is manageable but some patches require newer Android version (Alien dalvik) or even kernel related things.

Maybe someone who knows better can open up some things here too :)

edit flag offensive delete publish link more



Hurray! Alien dalvik problems protect us? 😄

potski ( 2018-12-06 09:59:20 +0300 )edit

I'd say it's not Alien dalvik problems themselves but rather the fact that Alien dalvik can't properly do things that are required in most of the Android vulnerabilities. In some cases it's about Alien dalvik not being able to force things on Sailfish OS (privilege issues or not implemented) and other cases about your discussed problems, perhaps.

Sakke ( 2018-12-06 21:01:04 +0300 )edit

Question tools



Asked: 2018-12-05 11:53:44 +0300

Seen: 747 times

Last updated: Dec 05 '18