Author Topic: BlueFrag patch?  (Read 477 times)

adfh

  • Newbie
  • *
  • Posts: 25
    • View Profile
BlueFrag patch?
« on: February 13, 2020, 06:39:36 am »
“BlueFrag” (CVE-2020-0022) is a bug with Android’s l2cap implementation. It affects all Android 8 and 9 devices with Bluetooth enabled, allowing for remote crashing and arbitrary code execution. It’s been assigned a Critical severity in the February Android Security Bulletin (A-143894715).

https://www.engadget.com/2020/02/09/android...-security-flaw/
https://insinuator.net/2020/02/critical-blu...-cve-2020-0022/
https://source.android.com/security/bulletin/2020-02-01.html

It looks that unlike a lot of other bugs that seem to be chipset specific, the issue lies with an Android component, so the Cosmo is likely affected. Has anyone heard if there's going to be a patch for this? Otherwise.. I reckon a good idea to turn off bluetooth in crowded areas unless you need it.

adfh

  • Newbie
  • *
  • Posts: 25
    • View Profile
BlueFrag patch?
« Reply #1 on: March 26, 2020, 08:57:38 pm »
Does anyone know if the latest patch includes fix for Bluefrag? It doesn't seem to, based upon the Android patch level date of 5-Jan.

Isurus65

  • Newbie
  • *
  • Posts: 19
    • View Profile
    • http://
BlueFrag patch?
« Reply #2 on: March 31, 2020, 02:44:08 am »
Quote from: adfh
Does anyone know if the latest patch includes fix for Bluefrag? It doesn't seem to, based upon the Android patch level date of 5-Jan.

Just updated to V21. Android Security Update of 5 July 2019.
Previous PDA's: Toshiba e740; Toshiba e755; Psion 3c; Psion 5; HP Jornada 680; HP Jornada 720; Palm Tungsten T3; Palm LifeDrive; Nokia E90 ; Gemini PDA

Zarhan

  • Full Member
  • ***
  • Posts: 245
    • View Profile
BlueFrag patch?
« Reply #3 on: March 31, 2020, 02:46:17 am »
Quote from: Isurus65
Just updated to V21. Android Security Update of 5 July 2019.

Ok, this is a case of even larger WTF. They rolled *back* the security level? V20 had Jan 2020, now we are back in July 2019?