

It sure would be handy to have a rooted test device with VoLTE provisioned right about now. What I'm saying is that I'm confused as to how an attacker manages to send a SIP message with a malformed SDP field to the UE unless they've got access to the carrier's network. Even if it was allowed, I'd expect the IMS proxy to at least sanity check the message. Carriers only exchange calls over IP with a limited number of other carriers; it's not like you can just send a SIP INVITE directly to a carrier's SBC and have it passed along unmolested to the associated UE, surely? That would be a giant gaping hole in spam/robocalling prevention. (Carrier-based) IMS requires the use of your carrier's proxy server. More confused than skeptical though, since the Project Zero blog post calls out some of the related baseband vulnerabilities as only being exploitable by a malicious carrier. I'm still confused/skeptical of how exploitable this is in the real world.

For one of the WiFi vulnerabilities that took forever to roll out, I had wifi turned off for a week on our phones before I got sick of it and installed it myself. Even if the Pixel 6 patch is on March 20 (a big IF, nobody official has confirmed that), how long will it take to roll out even on Google Fi, or will I have to try to download and install the patch manually? I refuse to spend over $300 to trade in my Pixel 6 for a 7 less than 2 years after purchase because they can't be bothered to update even the most critical vulnerabilities in a reasonable timeframe. Google made big promises about extending support and patches right around the launch of the Pixel 6, and instead they've consistently, significantly delayed updates and security patches for the Pixel 6. Honestly the Pixel 6 might be the end of Android for me.

If someone could inject a persistent UEFI threat into your PC over the internet right now with no patch available, you'd be pulling your ethernet cable out of the wall before I could finish typing this.
If it did something to the baseband firmware, how would you ever even know if a factory reset did anything on the phone (hint: you wouldn't). In fact I can't really imagine a higher severity CVE.

I mean an over-the-air zero-interaction superuser-privileged code execution bug is pretty damn serious.
