Post APfxf9XaqpYeAD2gWO by grapheneos@infosec.exchange
 (DIR) More posts by grapheneos@infosec.exchange
 (DIR) Post #APfxNEJgMBIFlKzO5o by inference@plr.inferencium.net
       2022-11-16T22:53:19.890161Z
       
       0 likes, 0 repeats
       
       @grapheneos @fox Isn't that so those companies can patch their devices, or do they still have to wait for Google to release them before they can patch?
       
 (DIR) Post #APfxf9XaqpYeAD2gWO by grapheneos@infosec.exchange
       2022-11-16T22:56:29Z
       
       3 likes, 1 repeats
       
       @inference @fox Google discloses the patches 30 days early to every Android partner and they aren't allowed to fix them until the embargo expires on the first Monday of the next month. The patches are WIDELY distributed for 30 days in advance. They aren't even pretending that the system is viable. We could start getting someone at an Android partner to leak us the patches to start fixing half the issues a whole month early. Perhaps we will. If they don't like that they can stop broadly leaking them early.
       
 (DIR) Post #APfxkmmCOxbvIZYmEy by inference@plr.inferencium.net
       2022-11-16T22:57:36.086332Z
       
       0 likes, 0 repeats
       
       @grapheneos @fox Okay, that's actually insane. If the partners still can't patch their devices, why bother giving them the vulnerability details? That's just adding a lot of trust which *will* be leaked and exploited due to the amount of people involved. They're effectively handing out free exploits.