Hacker News new | ask | show | jobs
by nl 2106 days ago
I have a Pixel.

My comment referred to the timeline outlined in the post, in particular this part:

Qualcomm gives an update on the progress of a microcode based fix. The plan is that the fix will be available for OEMs by September 7, but Qualcomm will request an extension to patch integration and testing by OEMs.allow more time for patch integration and testing by OEMs.

and for their multiple subsequent requests for an extension and/or grace period.

Your August patches don't fix this - Qualcomm only notified OEMs on 4 August and their plan was to get fixes to OEMs by 7 Sep.
1 comments
panpanna 2106 days ago
I am fine with this schedule.

Unless someone is actively exploiting devices I would prefer a well tested patch to a rushed patch.

Note that this whole issue is due a previously rushed patch.

link
nl 2105 days ago
It wasn't due to a rushed patch - the patch just gave the Project Zero researcher an idea for where he should look.

There's no real way of being sure if it is being exploited. I guess no exploits had been detected a couple of days ago, but it's not uncommon for the way it gets detected it for someone to find the exploit software somewhere. That's how Project Zero found these iOS issues for example[1].

[1] https://googleprojectzero.blogspot.com/2019/08/a-very-deep-d...

link