[chuankl]

Google has not released the March update for Pixel 6, 6 Pro, and 6a.

[gcr]

Hang on - if I understand correctly, all of the following is true for Pixel 6, Pro, and 6a users??

- There's an exploit out there that lets attackers own my phone if they know my number

- A patch is not available for my phone yet

- It's not possible to work around the issue because a previous update removed the toggle

- Announcing this signals to every competent black hat worth their salt to begin looking for exploits on this chipset, knowing the reward is high and the method of pulling it off is implied to be simple

I really wish Google had delayed this blog post until after all of their currently supported flagship products were no longer affected...

[esperent]

> I really wish Google had delayed this blog post until after all of their currently supported flagship products were no longer affected

Aren't they legally required to disclose security vulnerabilities like this within a certain time limit?

Seems like the real anger should be directed at them removing the toggle to turn it off.

[matthewdgreen]

I don’t think they’re legally required to do so. However they have a very aggressive publication schedule and selectively making exceptions for Google and not for competitors would look terrible, and possibly expose them to lawsuits.

[fomine3]

Some mobile careers no longer operate 3G so turn off VoLTE isn't an option for some people. Google must release patch before this.

[schoolornot]

Under what law?

[unyttigfjelltol]

This was patched in other models so that gives a head start for people who reverse-engineer such things.

As for Samsung, their March 2023 patch closes items that sound similar. [1]

[1] https://www.sammyfans.com/2023/03/06/samsung-march-2023-secu...

[izacus]

And then everyone here would attack Google for covering up their own vulnerabilities.

This is a sign of integrity.