“never change a running (= working) system” is a widespread saying which means: if it works, don’t improve it (too much) X-D and risk breaking old functionality that users rely on

this (of course) can be remedied by extensive, detailed (= for every feature and function, for every button and button combination, after EVERY change to the code) (semi) automatic use_case_testing after every update with every version of the hardware ever built (especially companies with enough money (M$ + Apple) seem to neglect that?)

for expensive industrial and factory critical CNC machines and other devices that do not require internet connectivity (why? seriously, why?) “never change a working system” is just fine, as physically disconnected devices (still probably) are best protected (for high-stakes military use, making sure no radio signal can leave the room might also be required)

it would still be possible to network with the device via dedicated vpn proxy devices that (hopefully 100%? X-D) isolate the device from potentially dangerous networks (those running outlook, where users click on each and every popup of each and every mail and website that lures the user to that VERY VERY IMPORTANT MUST INSTALL NOW IMMEDIATELY “update.exe.zip” of this or that program)

Android receives A TON of software updates (almost monthly), which is good for internet connected devices that users rely on for online banking, navigating the world and opening doors

DESPITE a ton of different devices out there, until now (knock on wood) Android has managed this update process fairly well = without breaking too much has-worked-before-functionality (a bad example would be iPhone WIFI not working after a firmware update)

this does not mean there are no SCARY SCARY exploits possible against browsers (every hacked website could be the last), mail (whatever receives messages is in danger) and Android smartphones

check out the hacking contest: Pwn2Own.com

PRIZES.

Trend Micro is offering cash and prizes during the competition for vulnerabilities and exploitation techniques against the listed targets in the categories below.

The first contestant to successfully compromise a target within the selected category will win the prize amount indicated for that specific target. All prizes are in US currency.

The contest has eight categories consisting of:

  • Virtualization
  • Web Browser
  • Enterprise Applications
  • Server
  • Local Escalation of Privilege
  • Cloud/Container
  • Automotive
  • AI

| Target | Prize | Master of Pwn Points | Eligible for Add-on Prize |
|---|---|---|---|
| Oracle VirtualBox | $40,000 | 4 | Yes |
| VMware Workstation | $80,000 | 8 | Yes |
| VMware ESXi | $150,000 | 15 | No |
| Microsoft Hyper-V Client | $250,000 | 25 | Yes |

| Target | Escape Options | Prize | Master of Pwn Points | Eligible for VMware Escape Add-on Prize |
|---|---|---|---|---|
| Google Chrome | N/A – Renderer Only | $60,000 | 6 | No |
| | Windows Kernel Escalation of Privilege | $100,000 | 10 | Yes |
| | Sandbox Escape | $150,000 | 15 | Yes |
| Microsoft Edge (Chromium) | N/A – Renderer Only | $60,000 | 6 | No |
| | Windows Kernel Escalation of Privilege | $100,000 | 10 | Yes |
| | Sandbox Escape | $150,000 | 15 | Yes |
| Apple Safari | N/A – Renderer Only | $60,000 | 6 | No |
| | Sandbox Escape | $100,000 | 10 | No |
| | macOS Kernel Escalation of Privilege | $150,000 | 15 | No |
| Mozilla Firefox | N/A – Renderer Only | $50,000 | 5 | No |
| | Sandbox Escape or Windows Kernel Escalation of Privilege | $100,000 | 10 | Yes |

 

question_to_AI: how come that java android managed to make the update process less scary? (usually everything still works after update X-D)
Llama 3.3 70B

Java Android’s update process is less scary due to several factors:

  • Backward compatibility: Android’s Java-based architecture allows for backward compatibility, which means that older apps can still run on newer versions of the operating system with minimal issues.
  • Dalvik and ART: Android’s Dalvik virtual machine (VM) and Android Runtime (ART) provide a layer of abstraction between the app code and the underlying system. This abstraction helps to reduce the impact of system changes on apps.
  • Google Play Services: Many Android apps rely on Google Play Services, which provides a set of APIs and libraries that are updated independently of the Android OS. This allows apps to take advantage of new features and security patches without requiring a full system update.
  • Gradle and build tools: The Android build process, which uses Gradle and other build tools, helps to manage dependencies and ensure that apps are built with the correct versions of libraries and APIs.
  • Testing and verification: Google and device manufacturers perform extensive testing and verification of updates before releasing them to the public. This helps to identify and fix potential issues before they affect users.
  • Incremental updates: Android’s incremental update mechanism allows for smaller, more targeted updates that fix specific issues or add new features, rather than requiring a full system update.
  • API level abstraction: Android’s API level abstraction allows developers to target specific API levels, which helps to ensure that their apps are compatible with different versions of the operating system.

Overall, these factors contribute to a more stable and less scary update process for Java Android, where everything usually still works after an update.

It is OF COURSE questionable if a programming language working with virtual machines that requires TONS of RAM (Java) is the right choice for mobile devices, because very CPU + RAM powerful (= expensive) devices have to be built, but users (so far) are willing to spend the money, even if that thing overheats during Google Maps navigation on a hot summer day (Pixel 7 Pro is REALLY only for colder climates)
