X-Ray scans your Android device for unpatched vulnerabilities (xray.io)
9 points by trhaynes on July 23, 2012 | 14 comments


Ran it on Verizon Galaxy Nexus (4.0.4) and it appears everything is patched. Now if they would just get me Jellybean, I would be a really happy camper...


Just ran it on my Nexus S with 4.1 and everything is patched. Curious to see how the HTC / Samsungs that are not Nexus devices fare.


4.1 is definitely the most secure Android you can be running currently.

We posted about some of the security improvements in Jelly Bean 4.1 last week:

https://blog.duosecurity.com/2012/07/exploit-mitigations-in-...


Samsung S2 here (running latest update to ICS). All patched, no vulns. I'm actually a little disappointed in a way :-P


Motorola Droid Bionic, running latest official carrier update, vulnerable to Gingerbreak :-\


Running an older CM7 build on my evo4g, vulnerable to ZergRush :(


Grab the latest of JMZTaylor's unofficial CM9 nightlies! They are very stable and a huge upgrade from CM7 on my original Evo.


I'll check that out after work today. I was hoping I wouldn't have to ditch CM to get ICS.


X-Ray author here, happy to answer any questions folks have!


Why haven't you published this to the Google Play store?


We'd love to be able to publish it in the Play Store, but we were informed by Google that the terms of service disallow any apps that check for vulnerabilities, despite X-Ray's good intentions.

It's a weird distinction that they allow AV-like apps, but not vulnerability assessment apps.


Galaxy Nexus running CM9 RC1 is vulnerable to Mempodroid :(


CM9 RC1 is supposed to be running 4.0.4, right? Shouldn't that have been patched already? Though it also appears they have some bigger issues, like everything you type going out to the debug logs, passwords included.

You should report this on their issue tracker: http://code.google.com/p/cyanogenmod/issues/list


If anyone can quickly point me at the CM9 kernel source, I can verify whether or not this is actually patched.

The vulnerability check is looking to see if the mem_write() function is functional (where the vulnerability was present), which was removed/disabled by upstream AOSP.



