1. MINIX team will be having Chinese Lunar New Year holidays from 23/01 to 05/02, replies will be limited during this period, please kindly note.

Stagefright fix

Discussion in 'NEO X7 Custom ROMs, Kernels & Discussion' started by cantenna, Oct 14, 2015.

  1. cantenna

    cantenna New Member

    Anyone know if one is coming for our minix neo x7?

    Sent from my Xperia Tablet Z Wi-Fi using Tapatalk
  2. Higgs

    Higgs Yellow Dude Super Moderator

    cantenna likes this.
  3. cantenna

    cantenna New Member

    Are you using the latest firmware? Can you do a scan for me? thank you

    Sent from my Xperia Tablet Z Wi-Fi using Tapatalk
  4. HardwareGuru

    HardwareGuru Developer Administrator

    Stagefright is fixed in all latest "official firmwares"

    Verstuurd vanaf mijn ZP980+ met Tapatalk
    cantenna likes this.
  5. cantenna

    cantenna New Member

    Thank you hardwareguru for the info. That's great news. Two new vulnerabilities was recently discovered, hopefully these are patched as well.

    Can you kindly link me to a rom with the fixes i can download and install?

    Regards,

    Sent from my Xperia Tablet Z Wi-Fi using Tapatalk
    Last edited: Oct 14, 2015
  6. Villa

    Villa Trusted Helper Super Moderator

    For X7 firmware update...

    Download link (to be used for a Fresh install or pre CE210 versions)
    http://www.minixforum.com/downloads/download.php?file=x7-rk3188-240.rar
    (drivers and Flashtool included)
    MD5 Checksum: 49e0ab9094495abc8248d4812ea6d32d

    cantenna likes this.
  7. cantenna

    cantenna New Member

    Hi there, just installed and scanned for stagefright, the rom you linked is vulnerable to;
    CVE-2015-6602
    CVE-2015-3864
    CVE-2015-3824
    CVE-2015-1538

    Any other rom suggestions that may have the stagefright vulnerability patched?

    Sent from my Xperia Tablet Z Wi-Fi using Tapatalk
    Last edited: Oct 15, 2015
  8. gufone

    gufone Big Owl - Developer Super Moderator

    This vulnerability is fixed in the 2.5.0. But don't forget that the problem is limited to devices with MMS capabilities. So surely not your MINIX.
    garolfe likes this.
  9. cantenna

    cantenna New Member

    Sorry mate, been hearing allot of "only MMS" going around, and that simply is inaccurate info. An infected MMS is an example of only one point of entry another point of entry which is far more likely to occur with our devices is accidentally watching an infected video file embedded with code to take advantage of the stagefright vulnerability.

    Okay, guess ill be installing ubuntu on this device until this gets sorted out and 250 is available.

    See
    https://blog.zimperium.com/zimperiu...me-new-vulnerability-processing-mp3mp4-media/

    Maybe Minix could just release the updated libs so that we can make a patch? Or release a security patch?

    Sent from my Xperia Tablet Z Wi-Fi using Tapatalk
    Last edited: Oct 17, 2015
  10. cantenna

    cantenna New Member

    Hi gufone, you said this would be fixed in 250 but it was not. Can you comment please?
  11. gufone

    gufone Big Owl - Developer Super Moderator

    The problem is that rockchip provided a precompiled library that works but is vulnerable. If we use the one we compile (and have patched) the vulnerability is gone but there are seriously problem of video decoding. At the moment we have decided to privilege functionality until we are less busy in our respective works and lifes to work on a solution.
    garolfe and cantenna like this.
  12. cantenna

    cantenna New Member

    Thanks for getting back to me. Does Minix sell hardware that isn't rockchip base?

    I am pissed that I own rockchip and Samsung hardware that is still stagefright vulnerable nearly 10-12 months later.

    Really as consumers, if security is a priority it seems we should be only purchasing Apple or Google.
    Last edited: Mar 4, 2016
  13. MaxeL

    MaxeL Active Member

    Yes, expect Rockchip Minix sells AmLogic and Intel based devices too. Look at the forum section highlights.
    cantenna likes this.