OESF Portables Forum

Model Specific Forums => Cosmo Communicator => Cosmo Communicator - Android => Topic started by: adfh on February 13, 2020, 06:39:36 am

Title: BlueFrag patch?
Post by: adfh on February 13, 2020, 06:39:36 am

“BlueFrag” (CVE-2020-0022) is a bug with Android’s l2cap implementation. It affects all Android 8 and 9 devices with Bluetooth enabled, allowing for remote crashing and arbitrary code execution. It’s been assigned a Critical severity in the February Android Security Bulletin (A-143894715).

https://www.engadget.com/2020/02/09/android...-security-flaw/ (https://www.engadget.com/2020/02/09/android-bluefrag-security-flaw/)
https://insinuator.net/2020/02/critical-blu...-cve-2020-0022/ (https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/)
https://source.android.com/security/bulletin/2020-02-01.html (https://source.android.com/security/bulletin/2020-02-01.html)

It looks that unlike a lot of other bugs that seem to be chipset specific, the issue lies with an Android component, so the Cosmo is likely affected. Has anyone heard if there's going to be a patch for this? Otherwise.. I reckon a good idea to turn off bluetooth in crowded areas unless you need it.

Title: BlueFrag patch?
Post by: adfh on March 26, 2020, 08:57:38 pm

Does anyone know if the latest patch includes fix for Bluefrag? It doesn't seem to, based upon the Android patch level date of 5-Jan.

Title: BlueFrag patch?
Post by: Isurus65 on March 31, 2020, 02:44:08 am

Quote from: adfh

Does anyone know if the latest patch includes fix for Bluefrag? It doesn't seem to, based upon the Android patch level date of 5-Jan.

Just updated to V21. Android Security Update of 5 July 2019.

Title: BlueFrag patch?
Post by: Zarhan on March 31, 2020, 02:46:17 am

Quote from: Isurus65

Just updated to V21. Android Security Update of 5 July 2019.

Ok, this is a case of even larger WTF. They rolled *back* the security level? V20 had Jan 2020, now we are back in July 2019?