And that's only the Qualcomm stuff. There is another CPU vendor beginning with M who is big in el-cheapo hardware - look at their Android kernel leaks, wherever you dig you find horrid, HORRID code.
Google should mandate full open source disclosure of all GPL'd components as part of the Play Store certification and unlockable bootloaders, otherwise this shit is never going to change.
Heh, I once found a "feature" in a kernel driver in my Xperia (with a SoC from the company with a name starting in M) that allowed you to read arbitrary kernel memory from userspace, by passing the appropriate structures via a ioctl interface. Didn't even have to dig around too much.
Ah well, at least I got a t-shirt from Sony.
When questioned about this on the Android Platform 11 AMA last month, they stated that they think OEMs freedom is what makes Android a rich ecosystem.
So there you have it. Can check by yourself on Reddit.
My older OnePlus 3 got updates for almost 4 years I think. Not bad, but it's not like apple's 5-6 years. Still, it was half the price of an iPhone with better hardware to boot so fair trade I guess.
I don't like frivolous spending on phones but I never keep a phone more than 4 years anyway. The progress of camera, microphone and speaker quality alone across 4 years is enough of a quality of life improvement for me to upgrade.
At this rate of Android security issues, my next phone will probably be the next iPhone SE but only if they update the display to a larger 1080p 90Hz panel and add an ultrawide camera lens, I don't care about anything else.
Should be SoC (System on Chip)
(As it happens I read the slides and this is a legit vulnerability but you'd never know it from the press release.)
For what it is worth, a modern chip as complex as the A* series is essentially guaranteed to have vulnerabilities. Maybe not 400, but definitely not 0.
So you fix the handful of errors in the SDK templates and all the 400 vulnerabilities go away.
https://www.pine64.org/2020/01/24/setting-the-record-straigh...
For open source to help, people have to actually review the code.
I'm not sure if anyone has compiled a list of how many
That's four generations of Apple hardware, the latest being iPhone X and iPhone 8/8 Plus (Sept 2017). The patch being fixed in A12 means the iPhone XR and iPhone XS (and later) are unaffected.
This is coming from a point of view that Linux is quite a success and thus maybe the same philosophy could be used for hardware?
And no changing chips every few months possibly breaking compatibility (people working around your bugs) is not a feature that a lot of hw designers want.
This may change eventually. I have high hopes for RISC V but we will see
In theory when properly configured the DSP or GPU should be unable to touch system RAM outside of buffers that are specifically assigned to them.
I'm not very familiar with the status of IOMMU on Android devices.
> Broadcom filed suit ... claiming SpaceX hired a number of Broadcom’s top engineers to develop “a family of sophisticated, customized computer chips.” The two companies had been working together on the development of advanced computer chips for an undisclosed project, but SpaceX ultimately ended the collaboration.
