It is Stagefright patch time again, and this time around yet another previously-unpatched device is receiving an update which might or might not help fix the bug. According to reports this morning, Sprint is pushing through an OTA update for HTC’s 2014 flagship phone, the One M8. While a number of Samsung devices on Sprint have already received the bug-fix update, the M8 is one of the first HTC devices on the carrier to be receiving the patch, which will hopefully, plug the security loophole. The update will bump up the software version to 4.25.651.18 from the current 4.25.651.14. Sprint’s changelog refers to the update as a “Patch for critical security vulnerability (‘Stagefright’)”, meaning no feature enhancements or other fixes are expected with this critical update.
Over the past week or so, carriers and OEMs have been rolling out security patches for their devices, now that Google has made the patch available to its partners. The vulnerability in Android’s multimedia library Stagefright was originally discovered by Zimperium zLabs security researcher Mr. Joshua Drake, who reported about it to Google as far back as April. Mr. Drake also sent Google some proposed patches for the security loophole, all of which were accepted by search giant, according to an interview Mr. Drake gave to NPR. Exodus Intelligence security researcher Jordan Gruskovnjak however, found what he describes as a “severe problem with the proposed patch”. According to him, multimedia files with malicious code can still give hackers access to private data stored on phones which have already received the current set of patches from carriers and OEMs. The vulnerability is said to affect devices running on Android 2.2 Froyo or newer versions of the operating system, which is what you’d expect, given that Stagefright has been Android’s multimedia library since Froyo. This could potentially make almost a billion smartphones worldwide susceptible to attacks.
As for the patch being rolled out by Sprint, to receive the OTA update, HTC M8 users should head over to Settings > System > About Device, and then tap on Software Updates > Check for Updates. The smartphone will continue stay on Android 5.0 Lollipop after this patch is applied, so no new features or even other bug fixes are expected as part of this patch, as already mentioned above.