HTC America President Jason Mackenzie over the weekend tweeted that pushing out monthly security updates to all the HTC smartphones is ‘unrealistic’. The post follows the start of a monthly Android security update rollout that companies like Google and Samsung announced following the discovery of the wide-spanning Stagefright vulnerability.
Mackenzie in his first tweet replied to a user asking why HTC was not committing to monthly Android security updates that companies like Google, LG, and Samsung promised, saying, “Because commitment to this is not realistic. In order to push an update you have to get carrier approval.” He later added that the carrier companies sometimes don’t have enough space in their labs to test and certify the updates for so many handsets. This results in delays to update rollouts.
Mackenzie however, assured that the Taiwanese company would push for updates nonetheless but won’t guarantee a rollout for each month. “We will push for them, but unrealistic for anyone to say guaranteed every month,” he later tweeted.
For those unaware, LG, Google and Samsung in August promised for a monthly update to fix the Stagefright vulnerability in all their smartphones. Sony, Motorola, OnePlus and other companies have also rolled out updates.
Stagefright is an open source media player that is used by about 95 percent of Android devices, or about 950 million devices. Zimperium reported a vulnerability in Stagefright in July that, if exploited, could let attackers to take control of an Android device by sending a specially crafted media file delivered by an MMS message.
While the companies are still rolling out the Stagefright vulnerability fix to devices, security experts have now found a new Stagefright 2.0 vulnerability. The newer version of the bug can also affect devices running OS versions below Android 5.1 Lollipop. Unlike the previous Stagefright bug, the Stagefright 2.0 can enter any device in the form of mp3 or mp4 file instead of a MMS text.