Motorola prepara gli aggiornamenti per la vulnerabilità Stagefright

What is the "StageFright" or MMS messaging issue?

In June of 2015, Google acknowledged a potential issue with the Android OS and how it handles MMS, or multi-media messages containing video.

Android OS provides a media playback engine called 'Stagefright.' Stagefright is responsible for unpacking and playing the multimedia message. Depending on a phone's messaging settings, this could take place before the phone owner opens the message or views the video. There is a possibility that a hacker could insert malware in the video. It could then be processed and access the phone without giving the owner a chance to evaluate the video attachment.

As of the publication date of this note, we are not aware of any known or reported incidents of anyone attempting to take advantage of this possibility to harm Android phone owners.

What is Motorola doing about this?

After Google informed us in late June, we've been working to integrate, test and deploy the security patches into all future products and software updates. We are also working with Google and our carrier partners to simplify the process of deploying critical security updates in the future.

All of our newly launched products - Moto X Style, Moto X Play, and Moto G (3rd Gen) will have the patches integrated in their software. Initial shipments of Moto G (3rd Gen) in some regions do not have the patch yet, but will receive an update soon.

When will my phone receive the patch?

We will begin delivering software to our carrier partners to test starting August 10th for the phones listed above. Many carriers have unique requirements that result in unique variants of software. As a result, there are over 200 variants of software that we are working to patch, test and deploy to our carrier partners for their testing and approval. We are prioritizing our deployments of the patch to the largest groups of consumers first and working closely with our carrier partners to make the patch available as soon as possible. We will update on our progress as more information becomes available.

As soon as a patch is ready you will see a notification on your phone to download and install the update. We encourage everyone to periodically check if they have the latest software by checking in Settings>About Phone>System Updates.

What can I do to protect myself if my phone does not have the patch?

First, only download multimedia content (such as attachments or anything that needs to be decoded to view it) from people you know and trust. You can disable your phone's capability to download MMS automatically. That way you can only choose to download from trusted sources.

Messaging: go to Settings. Uncheck 'Auto-retrieve MMS.'
Hangouts (if enabled for SMS; if greyed-out, no need to take action): go to Settings > SMS. Uncheck auto retrieve MMS.
Verizon Message+: go to Settings > Advanced settings. Uncheck Auto-retrieve. Uncheck 'Enable weblink preview.'
Whatsapp Messenger: go to Settings > Chat settings > Media auto-download. Disable all video auto downloads under 'When using mobile data,' 'When connected on Wi-Fi' and 'When roaming.'
Handcent Next SMS: go to settings>Receive message settings. Disable auto retrieve.