Software Update G900VVRU2BOG5 For Galaxy S5 Did NOT fix StageFright Vulnerability.
ma268
Enthusiast - Level 2

I received an Update today for my Samsung G900V (Galaxy S5) and I installed it immediately because I knew it was the update intended to patch the notorious StageFright Vulnerability. After the software update was completed, I decided to run the StageFright Detector app by Zimperium because it was recently updated. It detected a vulnerability at CVE-2015-3864. I looked at the update notes for the app and noticed that that was an extra search location added in the update. Even though Verizon is merely shoving the update to us from Google and Samsung, I want to urge them to be quick in pushing that additional update to us as it is desperately needed.

Also I would like to request a more detailed update notes section for your system updates. Maybe a tab for advanced users on the website that shows exactly what was updated.

0 Likes
Re: Software Update G900VVRU2BOG5 For Galaxy S5 Did NOT fix StageFright Vulnerability.
Chad_M
Enthusiast - Level 1

I had pushed out the update myself until this morning after being away for the weekend. After installation of the update, knowing it was to patch the StageFright exploit, my phone battery drain has been immensive. My phone seems to be running slower and the Android OS and and Android System are using a very large amount of battery power, over 25% combined. In just under 4 hours, my phone has used about 85% of the battery life where it has usually lasted me all day with very minimal use.

Is anybody else experiencing the battery drain as I am with the new patch?

Only information I had noticed from the Verizon mobile website was that it was "Android security patches."

Re: Software Update G900VVRU2BOG5 For Galaxy S5 Did NOT fix StageFright Vulnerability.
radar320
Contributor - Level 2

After reading this, I ran the same check, and it shows that my device is NOT vulnerable so apparently it worked for me.

0 Likes
Re: Software Update G900VVRU2BOG5 For Galaxy S5 Did NOT fix StageFright Vulnerability.
Gabi0813
Enthusiast - Level 1

I also want MORE info before having an update. I'd also like the option as to when and IF I do the update.The last time Lollipop was forced through by Verizon, I've nothing but trouble with my Samsung Galazy S5. No all phones are created equal. NOR ARE PROVIDERS. At&T never had any issues with Lollipop, iPhones also had no problems, because Verizon seems to add NON-compatible junk to our phones, which just mess up our phones. I do NOT want a Newspaper app, I do NOT want games, I do NOT need Flip News, nor any other app, that is forced on us by Verizon. I do NOT use my phone for any of those things, If I want to reads an article I will use the Newspaper or my lap top. I do not use my cell phone for these things.Yet I cannot delete them from my phone, because Verizon has them locked in. I was told by Samsung that the issues with their phone is due to the un-compatible apps and "other" programs running in the back ground that is just verizon's junk. I had a regular flip phone for 8 years, with battery life that lasted 2 weeks before charging. When it finally gave out, I was forced to get a smart phone. Biggest mistake I ever made. Loved it at first, I could take pics of my new grandbaby etc, but I had to charge my phone every day after Lollipop was FORCED unto my phone. I was advisd by Samsung NOT TO DOWNLOAD due to many glitches and issues. So I kept stalling the update as advised, until Verizon pushed it through. Now I have no battery life, there is more junk on my phone again, and it's just not worth it anymore. I was originally an Alltel customer, and NEVER had to call Customer Service NOR did I ever have issues with my phone or service. After merging, after lollipop it's been NOTHING BUT TROUBLE, hassels, and horrible customer service. Been with same cell company for 25 yrs, now will be the first time, that when my contract is up, I'm looking for a better service. AND they ARE out there, I know many who would never go back to Verizon, due to the outsourcing and not being able to talk to someone Stateside, when asked. Miscommunications are rampant due to this. FIX this problem with Lollipop, stop with the new software updates until YOU KNOW THEY WILL WORK. WE are paying for a service, and you are NOT providing it to us, due to pushing updates through before they are actually working. What a shame, 25 years down the drain, since I've switched to Verizon 6 years ago (or whenever Alltel merged). I was happy with Verizon UNTIL all these non working software updates hit.

Re: Software Update G900VVRU2BOG5 For Galaxy S5 Did NOT fix StageFright Vulnerability.
ma268
Enthusiast - Level 2

I used Zimperium's stagefright detector because It was the only one that searched an extra location, which was not fixed by Verizon. You must be using a different detector.

Re: Software Update G900VVRU2BOG5 For Galaxy S5 Did NOT fix StageFright Vulnerability.
ma268
Enthusiast - Level 2

I'm 90% sure that "My Magazine," or the thing that shows up when you swipe the home screen (touch wiz only) all the way to the left, was Samsung's doing. My Magazine is powered by Flipboard which may have you confused. That said, you're exactly right. Verizon loves preloading applications that cannot be fully uninstalled without rooting. They do this because they get paid by the developers of those apps to do so. I do not like this anymore than you do. I too am strongly considering T-Mobile as they actually care about the consumers and the users. They are also a hella lot cheaper.

Re: Software Update G900VVRU2BOG5 For Galaxy S5 Did NOT fix StageFright Vulnerability.
send2steph
Enthusiast - Level 2

G920VVRU4BOG7 for S6 today (Sept 29) didn't fix the S6 either.

0 Likes
Re: Software Update G900VVRU2BOG5 For Galaxy S5 Did NOT fix StageFright Vulnerability.
send2steph
Enthusiast - Level 2

I agree, Zimperium's seems to be the best detector - it's the only one I've found that actually lists the areas of vulnerability. There's still one on the S6 marked as red.

Re: Software Update G900VVRU2BOG5 For Galaxy S5 Did NOT fix StageFright Vulnerability.
BSchehl
Enthusiast - Level 1

Galaxy S4 is also NOT fixed according to Zimperium and my place of employment. I could almost live with no corporate email, but I miss my calendar.

Re: Software Update G900VVRU2BOG5 For Galaxy S5 Did NOT fix StageFright Vulnerability.
clough9360
Enthusiast - Level 1

Wish I had never done yesterday's update.  I am using Galaxy S6 and our company uses Airwatch.  After the previous update and the install of the Stagefright managed app I was able to become compliant and set up and use my exchange email and calendar.  As soon as I updated yesterday Airwatch flagged the latest stagefright vulnerability, flagged my phone, and my services were shut down.  I've lost enterprise email and it is a major pain in the rear.  Thanks Verizon. Fix this - now!

Can we roll back to the last stock OS build?