underthebus

Cyanogen Inc aims to fix recently discovered OpenSSL vulnerabilities before OnePlus One launch

The saga of OnePlus and their supposed flagship killer continues to spiral into odd corners of the Internet with the most recent murmurs coming from OnePlus themselves, announcing yet another delay. Lucky users recently received an email from OnePlus stating that they were now able to purchase the OnePlus One, however the exact ship date was unknown due to “perfecting some final issues” in their software. While this sure sounds like software is to blame, Cyanogen Inc’s Abhisek Devkota took to Reddit to set the record straight.

On June 5th, an OpenSSL security bulletin was posted, alerting the world that multiple vulnerabilities had been discovered in their software. An attacker could use these exploits to decrypt and listen in on traffic between clients and servers (man-in-the-middle), another exploit could allow denial of service attacks, another vulnerability could allow a hacker to run code on an exploitable device, and the list goes on and on.

Seeing as CyanogenMod includes major features to protect the privacy and security of their users, such as Privacy Guard and WhisperPush, Cyanogen Inc decided to include the patches and corrections for those vulnerabilities to uphold their stance on these matters. As a result, the final firmware needed to go through the quality assurance and certification process again. This was most likely a tough decision to purposefully delay a product that that Cyanogen Inc has been working on for such a long time, however protecting their end users from known vulnerabilities, that they are able to fix, is more important and the right course of action.

So, hold your pitchforks. Blaming Cyanogen Inc for the OnePlus One delay is actually a good thing. The real question we should be asking ourselves is, why did OnePlus elude to software issues, using CyanogenMod 11S as a scapegoat for their production woes? While they didn’t come out and say Cyanogen Inc was to blame, they left their official stance on the issue wide open to interpretation and didn’t comment on countless CyanogenMod delay rage posts that cluttered their official forums.

In the future I hope that OnePlus and Cyanogen Inc can work more closely together to report issues like these before they turn into this unneeded shitstorm. With more transparency, everyone wins.

Source: Reddit

Exit mobile version