Motorola announced that it will create and release a patch for the Stagefright vulnerabilities to carriers today, August 10. The company hasn’t announced whether it will also continue to release security patches for its devices every month, the same way Google, Samsung and LG promised last week.
The Stagefright vulnerabilities (found by the security team at Zimperium, who later alerted Google about it) allow malicious attackers to send an MMS message with embedded malware that is automatically retrieved by most SMS clients or IMs with SMS capabilities.
The malware would then require no action from the user in order to install itself on the phone, which, combined with the vast distribution capability of the MMS infrastructure, is what makes it so dangerous.
Motorola said it was notified by Google in June about the bugs, and its newly announced smartphones including the Moto X Style, Moto X Play and Moto G 3rd gen will include the patch. In some regions, where the Moto G 3rd gen has already started shipping, the patch isn’t integrated into the software, but those phones will be updated soon.
As for the other phones, Motorola will offer an update to the carriers for testing and approval. The list of smartphones that will receive it includes:
Moto X Style (patched from launch)Moto X Play (patched from launch)Moto X (1st Gen, 2nd Gen)Moto X ProMoto Maxx/TurboMoto G (1st Gen, 2nd Gen, 3rd Gen)Moto G with 4G LTE (1st Gen, 2nd Gen)Moto E (1st Gen, 2nd Gen)Moto E with 4G LTE (2nd Gen)DROID TurboDROID Ultra/Mini/Maxx
Motorola will begin sending this update to carriers today, but the company also said that the carriers have different requirements, which result in unique variants of the software. According to Motorola, there are over 200 variants of software that the company is working to patch, test and deploy. The company will prioritize the software that covers the largest groups of users at first.
When the patch is available, users should receive a notification about an update. They can also check periodically at Settings>About Phone>System Updates to see if they received an update.
If you’re not one of the the lucky ones to receive an update, Motorola recommended the following instructions to protect yourself against this type of exploit for the listed apps.
Messaging: go to Settings. Uncheck “Auto-retrieve MMS.”Hangouts (if enabled for SMS; if greyed-out, no need to take action): go to Settings > SMS. Uncheck auto retrieve MMS.Verizon Message+: go to Settings > Advanced settings. Uncheck Auto-retrieve. Uncheck “Enable weblink preview.”Whatsapp Messenger: go to Settings > Chat settings > Media auto-download. Disable all video auto downloads under “When using mobile data,” “When connected on Wi-Fi” and “When roaming.”Handcent Next SMS: go to settings>Receive message settings. Disable auto retrieve.
Follow us @tomshardware, on Facebook and on Google+.
Bingo. I have a Moto G 1st Generation which I use as the Android equivalent of an iPod Touch. I neither want or need an additional data plan! Wifi gets me everywhere I need to go with this.