|
|
|
|
|
|
by jeroenhd
1041 days ago
|
|
|
Why not? I download updates to apps on my phone every day. I fact, my old phone that has long stopped receiving updates still runs the latest browsers just fine. The problem isn't keeping the applications up to date. There's a risk of kernel exploits, but I can't remember the last time the Android kernel had a bug that could be triggered by simply sending packets to it. Privilege escalation works, maybe, but getting root on Android is a lot harder than most Linux servers because of the very strict and isolated SELinux contexts. I've installed termux on my phone and I can install nginx with a single command. Downloading a Debian chroot and launching a full, maintained Linux distro is two commands away. Until remotely triggered Android kernel exploits become a thing, I don't think the updates are the problem here. |
|
|
RCE from Bluetooth packets has happened uncomfortably often - CVE-2017-0781+2 (BlueBorne), CVE-2020-0022, CVE-2022-20411, ...