Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.mobile.android > #153600

Re: Q: What threats do we really face when our phones are not fully patched?

From Maria Sophia <mariasophia@comprehension.com>
Newsgroups comp.mobile.android
Subject Re: Q: What threats do we really face when our phones are not fully patched?
Date 2026-04-23 13:24 -0600
Organization BWH Usenet Archive (https://usenet.blueworldhosting.com)
Message-ID <10sdrlp$1oft$1@nnrp.usenet.blueworldhosting.com> (permalink)
References (11 earlier) <vgjnbmx66t.ln2@Telcontar.valinor> <10sb7q4$2kb8$1@nnrp.usenet.blueworldhosting.com> <4sknbmx055.ln2@Telcontar.valinor> <10sbb7l$1qaa$1@nnrp.usenet.blueworldhosting.com> <ptonbmxtd3.ln2@Telcontar.valinor>

Show all headers | View raw

Carlos E.R. wrote:
>> I do that on the PC and even then, since my PC is hardened, it's a bitch.
> 
> Often I am not given any option. It is phone, or phone. And I was at the 
> physical shop, the last two contracts. Paper not accepted.

I agree with you that paper often is no longer accepted, where in my case,
the government forces me to take money out of my retirement account (it's
the law!) so I have to jump through hoops even on a PC to do esign stuff.

Luckily, my financial advisors who take care of that, drive to me so I can
sign the paperwork (but they'd likely be happy if I would just esign it). 
 
>> Too-simply stated, it would, IMHO, ask for how we use the phone.
>> And then it would show us the CVE's that are unpatched that affect us.
> 
> Of course I can read the CVES, but it is a full time job.

Exactly. 
I think finding the CVE is the easy part. 

The problem is figuring out quickly whether the CVE impacts us.
Where each of us has a different phone setup and use model.

For example, my contacts sqlite database, as you know, is empty, so any CVE
which attacks the contacts, isn't something that I would be worried about.

This apparently lists, for example, Android/Samsung CVEs, which only people
on Samsungs would care about (I'm not sure what brand you're on):
 https://security.samsungmobile.com/workScope.smsb
Note that is the Android CVEs plus the Samsung-specific CVEs, apparently.

In addition, each of us has a Project Mainline Google Play system update
level, where we might need to go here to find CVEs after that date.
 https://source.android.com/docs/security/bulletin
But roughly only about a third of the CVEs in a typical monthly ASB are
fixable via Mainline, where I'd like to find two separated lists.
 1. One for project mainline CVE fixes
 2. The other for all Android CVE fixes (preferably w/o mainline CVEs)

As you're aware, there's also the most important exploits known in the wild
which the CISA KEV database has, but it's really hard to parse.
 https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Again, I could write the code to parse this data, but I'm not going to.
So it's best if we can find a site that can do it already for us.

Back to comp.mobile.android | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Q: What threats do we really face when our phones are not fully patched? Maria Sophia <mariasophia@comprehension.com> - 2026-04-19 10:59 -0600
  Re: Q: What threats do we really face when our phones are not fully patched? Andy Burns <usenet@andyburns.uk> - 2026-04-19 18:06 +0100
  Re: Q: What threats do we really face when our phones are not fully patched? "Carlos E.R." <robin_listas@es.invalid> - 2026-04-19 22:31 +0200
    Re: Q: What threats do we really face when our phones are not fully patched? Maria Sophia <mariasophia@comprehension.com> - 2026-04-21 15:06 -0600
      Re: Q: What threats do we really face when our phones are not fully patched? "Carlos E.R." <robin_listas@es.invalid> - 2026-04-22 07:06 +0200
        Re: Q: What threats do we really face when our phones are not fully patched? Maria Sophia <mariasophia@comprehension.com> - 2026-04-22 01:15 -0600
          Re: Q: What threats do we really face when our phones are not fully patched? "Carlos E.R." <robin_listas@es.invalid> - 2026-04-22 11:45 +0200
            Re: Q: What threats do we really face when our phones are not fully patched? AJL <noemail@none.com> - 2026-04-22 15:55 +0000
              Re: Q: What threats do we really face when our phones are not fully patched? "Carlos E.R." <robin_listas@es.invalid> - 2026-04-22 19:17 +0200
                Re: Q: What threats do we really face when our phones are not fully patched? AJL <noemail@none.com> - 2026-04-22 17:40 +0000
                Re: Q: What threats do we really face when our phones are not fully patched? "Carlos E.R." <robin_listas@es.invalid> - 2026-04-22 19:46 +0200
                Re: Q: What threats do we really face when our phones are not fully patched? AJL <noemail@none.com> - 2026-04-22 18:32 +0000
                Re: Q: What threats do we really face when our phones are not fully patched? "Carlos E.R." <robin_listas@es.invalid> - 2026-04-22 21:18 +0200
                Re: Q: What threats do we really face when our phones are not fully patched? Maria Sophia <mariasophia@comprehension.com> - 2026-04-22 13:33 -0600
                Re: Q: What threats do we really face when our phones are not fully patched? "Carlos E.R." <robin_listas@es.invalid> - 2026-04-22 21:41 +0200
                Re: Q: What threats do we really face when our phones are not fully patched? Maria Sophia <mariasophia@comprehension.com> - 2026-04-22 14:31 -0600
                Re: Q: What threats do we really face when our phones are not fully patched? "Carlos E.R." <robin_listas@es.invalid> - 2026-04-22 22:50 +0200
                Re: Q: What threats do we really face when our phones are not fully patched? Maria Sophia <mariasophia@comprehension.com> - 2026-04-23 13:24 -0600
                Re: Q: What threats do we really face when our phones are not fully patched? AJL <noemail@none.com> - 2026-04-22 22:01 +0000
                Re: Q: What threats do we really face when our phones are not fully patched? Andy Burns <usenet@andyburns.uk> - 2026-04-23 10:37 +0100
                Re: Q: What threats do we really face when our phones are not fully patched? AJL <noemail@none.com> - 2026-04-23 16:28 +0000
                Re: Q: What threats do we really face when our phones are not fully patched? "Carlos E.R." <robin_listas@es.invalid> - 2026-04-23 13:14 +0200
                Re: Q: What threats do we really face when our phones are not fully patched? AJL <noemail@none.com> - 2026-04-23 17:30 +0000
                Re: Q: What threats do we really face when our phones are not fully patched? Frank Slootweg <this@ddress.is.invalid> - 2026-04-23 15:08 +0000
                Re: Q: What threats do we really face when our phones are not fully patched? AJL <noemail@none.com> - 2026-04-23 18:10 +0000
                Re: Q: What threats do we really face when our phones are not fully patched? Maria Sophia <mariasophia@comprehension.com> - 2026-04-23 13:30 -0600
                Re: Q: What threats do we really face when our phones are not fully patched? Frank Slootweg <this@ddress.is.invalid> - 2026-04-23 19:54 +0000
                Re: Q: What threats do we really face when our phones are not fully patched? Maria Sophia <mariasophia@comprehension.com> - 2026-04-22 13:25 -0600
              Re: Q: What threats do we really face when our phones are not fully patched? Frank Slootweg <this@ddress.is.invalid> - 2026-04-23 14:49 +0000
                Re: Q: What threats do we really face when our phones are not fully patched? AJL <noemail@none.com> - 2026-04-23 17:57 +0000
                Re: Q: What threats do we really face when our phones are not fully patched? "Carlos E.R." <robin_listas@es.invalid> - 2026-04-23 21:05 +0200
                Re: Q: What threats do we really face when our phones are not fully patched? Frank Slootweg <this@ddress.is.invalid> - 2026-04-23 20:00 +0000
                Re: Q: What threats do we really face when our phones are not fully patched? "Carlos E.R." <robin_listas@es.invalid> - 2026-04-23 22:41 +0200
                Re: Q: What threats do we really face when our phones are not fully patched? AJL <noemail@none.com> - 2026-04-23 20:10 +0000
                Re: Q: What threats do we really face when our phones are not fully patched? Frank Slootweg <this@ddress.is.invalid> - 2026-04-23 19:54 +0000
                Re: Q: What threats do we really face when our phones are not fully patched? AJL <noemail@none.com> - 2026-04-23 22:16 +0000
                Re: Q: What threats do we really face when our phones are not fully patched? Frank Slootweg <this@ddress.is.invalid> - 2026-04-24 14:09 +0000
                Re: Q: What threats do we really face when our phones are not fully patched? "Carlos E.R." <robin_listas@es.invalid> - 2026-04-25 14:13 +0200
          Re: Q: What threats do we really face when our phones are not fully patched? Jeff Layman <Jeff@invalid.invalid> - 2026-04-22 18:32 +0100

csiph-web