Check Point's "QuadRooter" vulnerabilities

Posted Aug 10, 2016 17:46 UTC (Wed) by excors (subscriber, #95769)
In reply to: Check Point's "QuadRooter" vulnerabilities by dany
Parent article: Check Point's "QuadRooter" vulnerabilities

Like when you have to manually download an update from Lenovo to fix a BIOS vulnerability (in code originally from Intel and modified by some BIOS vendor)?

On Windows I've got graphics drivers downloaded directly from NVIDIA, some other graphics card utilities from the card manufacturer, BIOS updates from the motherboard manufacturer, my SSD needed a firmware update from Crucial to stop it BSODding every hour after it was a couple of years old. My monitor and printer and keyboard came with driver CDs. My ISP offers me cloud storage software, my bank offers me security software. Web browsers and Flash etc have their own auto-updaters (some more irritating than others), most other applications can only be updated manually.

Android has a far more coherent model than that: the Play Store updates your apps, the device vendor is responsible for updating all the platform software and firmware and drivers, and that covers absolutely everything. (The only problem is that "is responsible for" != "actually does".)