this post was submitted on 01 Oct 2023
69 points (93.7% liked)

Boost For Lemmy

7048 readers
61 users here now

Community of the Android app Boost for Lemmy Play Store Link

founded 1 year ago
MODERATORS
 

What version of libwebp does Boost use and if it is currently vulnerable, when can we expect an update to fix this issue? The affected versions of libwebp are 0.5.0 to 1.3.1.

you are viewing a single comment's thread
view the rest of the comments
[–] Prizephitah@feddit.nu 1 points 1 year ago (1 children)

As a person that’s been rolled into smartphones via work (iPhone 3Gs) and then never daily driven an Android, but always thought it might be more to my liking, I’m aghast. How can this be accepted? I now understand why large botnets often is comprised of Android devices.

[–] seaQueue@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

Zero days aren't the big driver of botnets, there are millions (if not hundreds of millions) of very cheap, very old, android devices out there. If you look at the periodic stats Google releases >50% of devices are running an Android version <= 10. Something like 20% of Android devices (at least according to the stats Google provides) running Android <= 5.

Per earlier this year: https://m.gsmarena.com/android_13_is_now_running_on_12_of_devices_in_the_wild-news-58244.php

I'm assuming these stats don't even cover a huge number of cheap Indian or Chinese devices too, those don't come with Google services at all.