This Andriod Vulnerability Demonstrates The Importance Of a Good CV(E)
Updates Need A Strong Cover Letter Too
There is a security vulnerability affecting Pixel 1 and 2 devices, Galaxy S7 through S9, the Huawei P20 and various models of Xiaomi, Oppo and Motorola devices as well … which has a patch but has not been widely distributed. The patch was released almost two years ago but unfortunately it was never assigned a Common Vulnerabilities and Exposures number, so no one really knew about it. This is a perfect example of why companies need verbose documentation about the patches they provide so that other company’s products which might suffer from that vulnerability will get patched to.
Now that the issue has been more widely disseminated The Inquirer suggests older model Pixel owners can expect a patch this month, but there is no word on when the others might be protected from this privilege escalation bug.
It had supposedly been patched in December 2017, but millions of widely used Android phones remain vulnerable - possibly because a CVE for the security flaw was never published and, hence, the bug hasn't been as actively tracked as it should have been.