Xperia Z5 family unlikely to get ‘Meltdown’ and ‘Spectre’ patches

by XB on 23rd January 2018

in Firmware, Problems, Xperia Z5 series

Sony Mobile has spoken of its plan to issue patches to fix the widely-documented ‘Meltdown’ and ‘Spectre’ CPU vulnerabilities. We always felt it likely that these patches (updated with Android security updates from 5 January 2018 and onwards) would only appear on the latest Xperia models. Judging by a reply from Sony Mobile’s Twitter support, it looks like that may well be the case.

Sony confirmed in the tweet that that the “Xperia Z5 Premium will not get a security patch update for ‘Spectre’ and ‘Meltdown’”. If the Xperia Z5 Premium won’t, then this also applies to the entire Xperia Z5 family (including the Z3+ and Z4 Tablet), as these models are all updated at the same time with same firmware build numbers.

Sony has not updated the firmware of the Xperia Z5 family since October 2017, so we weren’t holding out for any other updates. Regardless, are we asking too much of Sony to support handsets that are well over two years old now? Should Sony make exceptions for critical vulnerabilities, such as ‘Meltdown’ and ‘Spectre’? We’d love to hear your views below.

Thannks Tyw77!

  • Moisés

    I was expecting at least december security for Z4/Z5.

  • Antero Masonen

    Well thats one More goodreason to upgrade to Xz Pro. Ill use my Z5 ass MP3 player headphone Jack problem solved :)

  • phil g

    I understand the Z5 series is over two years old but critical vulnerabilities like Meltdown and Spectre should be patched.

  • Kayla!

    Sad to hear this. We shouldn’t expect Android 8, that’s o.k., but security patches for critical vulnerabilities are important.

  • Ditto. I would expect them to patch the bugs, especially since it’s just shy of 2 years.

  • Ju Rgen

    Shit Shame sony.. only patches..

  • Edzus

    so switches to LinageOS incoming

  • Yali AA

    Think they should make this the last update for Z5 series. Since it can be such aggressive attack. And think this will make Sony the ¨good guys¨ that watches over it’s customers.

  • Zayed Kotayba

    Yeah it’s shameful

  • Spencer Navarra-Chew

    Meldown is an INTEL SPECIFIC vulnerability and doesn’t need to be patched on ARM platform Sony Mobile devices. Spectre is a very hard to execute vulnerability. It’s extremely unlikely that anyone will find a way to take advantage of it in the foreseeable future.

  • “We also tried to reproduce the Meltdown bug on several
    ARM and AMD CPUs. However, we did not manage
    to successfully leak kernel memory with the attack de-
    scribed in Section 5, neither on ARM nor on AMD. The
    reasons for this can be manifold. First of all, our im-
    plementation might simply be too slow and a more opti-
    mized version might succeed. For instance, a more shal-
    low out-of-order execution pipeline could tip the race
    condition towards against the data leakage. Similarly,
    if the processor lacks certain features, e.g., no re-order
    buffer, our current implementation might not be able to
    leak data. However, for both ARM and AMD, the toy
    example as described in Section 3 works reliably, indi-
    cating that out-of-order execution generally occurs and
    instructions past illegal memory accesses are also per-

    From the White paper.

  • mountain

    Is it possible to use these vulnerabilities to develop a root for the newer devices?

  • hansip

    i don’t know why such Meltdown vs Spectre exploit is to be afraid of on personal level device. The exploit is dangerous on server level which runs virtualized environment, but certainly not for personal device.

  • F Michael

    The z5 premium was a flagship phone. That means it’s a very high spec phone. These kind of phones don’t become outdated quickly. This phone is still very current and Sony hasn’t even released anything with higher specs to upgrade to yet. Only phone that surpasses it in specs is the xz premium which is a very small improvement over the z5 premium. I’m sorry but when I buy a premium flagship phone, I expect security updates and support for at least a few years. These premium phones aren’t cheap phones. I could have bought an iphone for almost the same price. You don’t see iphone dropping support for their older devices either. I’ve had numerous hardware related issues that I’ve had to get fixed (faulty battery, broken headphone jack, dead screen pixels…etc) over the years (I’ve had 3 different xperia phones) and yet I still continued to purchase Sony because of their support. Now I can’t say I will be buying another Sony phone.

  • Jacky

    Even Qualcomm has given up the SD 810 so I’m not surprised if Sony doesn’t update the z5..:(

  • Actman

    Even Samsung Galaxy S6 Edge + was fixed with patches for the month of January! Kudos Sony!

  • Farhan Ansari

    Fuck off Sony

  • Justin

    I’m still waiting for my Oreo update and December 2017 security patches on my XZ so not at all shocked by Sony’s lack of give-a-damn about an older phone.

  • Night Guy

    wtf, just fix this goddamn problem and stop the update if you want.

  • Arthur Karlsson

    This just shows the companies think that mobile phones have a 2 year life circle… With the prices of the top end handsets going up every year now it looks like we are going to need to hand out around 1000$ every two years to have the support needed for our handsets.. Wonder if Sony and Samsung will stop supporting their TV´s after 2 years?

  • Steven Khoo Skkl

    Meltdown affects Intel based chips only. And even then, they still can exploit consumer CPUs as the vulnerability is in the Kernel itself. That means at levels where in depth personal details are used.
    Anyway, spectre is the more pressing 1, however. Since its harder to exploit pre patch. Patching it up would allow hackers to see the new layer of security and work around them.

  • Heh, people still believe what Sony Mobile profiles on FB send them? People who maintain it mostly now shit about what they wrote…
    More reliable source is Sony’s official forum’s team…

  • Well it’s Twitter. And it’s official Xperia support.

  • Zratul

    Only Cortex A75 is vulnerable to Meltdown, not the A57 nor the A53 in the Z5 series.

    Still I would have expected Sony to apply some Spectre mitigations.

  • F Michael

    I’ve been tempted to go to it but the fact that the camera doesn’t function as well and certain Sony apps stop working is keeping me away from it. Also the fact that it’s unofficial makes me feel a little uneasy using it. Would be great if we could just update to the latest android without waiting for Sony and still keep everything working.

  • Gregory See

    So they’re committed to stick with the 2 years support for flagships. Good luck Sony. They never learn.

  • TimmY

    It’s fine, I need to change my Z5 anyway.

  • Margaret

    Goℴgle offers every one $98 per hour to do some small tasks onnet .. Do job for just few time & spend more time with your own family … Any one can get this online work…on Friday I purchased a brand new Subaru Impreza after just making $9265 this last six weeks .it seems nicest-job but you may no longer forgive yourself if you don’t test it.!bx60s:➩➩➩ http://GoogleTeamManiaUpdateWorkFromHome/more/cash ♥♥♥k♥♥♥c♥v♥♥t♥♥♥e♥♥♥z♥y♥a♥c♥♥a♥♥♥w♥♥t♥s♥x♥♥a♥♥a♥♥♥f♥♥♥c♥r♥o♥♥v♥♥z♥p♥c♥♥♥h:::::!ve13d:chd

  • deekbee

    And then a few years down the line, you’ll find exactly the same problem with the XZ Pro.

  • deekbee

    I’ve just “upgraded” from a Z5C to a Z5. Just wanted a bigger screen. Maybe I’ll pick up a Z5 Premium at some point too …

    Chances of these bugs hitting most people in any meaningful way is highly improbable.

  • Antero Masonen

    What’s the problem? Every phone has a lifespan. I’m very satisfied that Z5 came from 5.0 to 7.11. XZ Pro will go to Android 10

  • deekbee

    Will probably go to Android 10 – assuming 2 major version upgrades, which isn’t always guaranteed.

    But what happens when Android 11 comes out and there is a new massive bug found out, and the XZ Pro doesn’t get the fix? Same “outrage” from a bunch of fans.

    I don’t have any problems with it, a couple of years upgrades, with next to no new features was quite good going for the Z5, and I’ll happily keep mine until it dies.

  • Antero Masonen

    Z5 without is still better than all the china crap of 2017 :)

  • deekbee

    Agreed; and I’m actually finding the Z5 a realistic upgrade from the Z5C – the extra RAM really does make a difference in day to day usage.

    I wasn’t so sure about sticking with the Z5 range, but a while looking at the options and I just figured may as well stick with it.

  • Well, it’s not official Xperia support, but some company that works for them and is the one controlling their social accounts…
    They may know what they I writing about, but I want be so sure about it…

    And if You are believing what “Sony” is writing using Twitter or FB, than Sony Mobile PL wrote to somebody on FB that Z5 series WILL GET Oreo. Not that it MAY, but that it’s certain.

  • Osaid Saqqa

    Are they going to supply the french police with vulnerable Z4 tablets?!!

  • Osaid Saqqa

    Totally agree. Premium should be supported as such.

  • Avid_Sony_fan

    I hate Apple with a passion. BUT, at least their updates continue past the 2 year mark. Device prices are getting expensive. Not everyone is in a position that they can update every 2 years just to stay secure. Even of new features aren’t added, security updates should at least be addressed.

  • Kayla!

    I planned to switch to Xperia XZ1, but some technical issues made me uncertain.

  • F Michael

    Premium phones shouldn’t be put in the same category as non premium phones. There is a clear difference between the z5 and z5 premium in both specs and price. I would expect the premium at least to get the update.

  • [Citation needed]

  • Pixelado

    I’m sad to admit that Samsung handles security updates better than Sony. Even the 2014 Galaxy S5 continues to receive security updates.

  • Pixelado

    Sony doesnt need Qcomm to do anything, these patches are backed into AOSP by Google. I think Sony just needs to sync their repositories and run their build bots for a few hours to merge the changes into a new build. QA might be needed as well but I highly doubt it.

  • 陳拓拓

    Security patches for critical vulnerabilities for Z5 series should be soupported ASAP.
    Or Sony Xperia will be danger and high risk phones in the world. Next time, would you buy them?

  • 陳拓拓

    Can’t agree with you more.

  • Kitsilano69852

    The Z5 family never received an update in October 2017. False reporting by this website. The last update for Z5 is version Release: 32.4.A.0.160 with June 2017 security update. Just go to sony mobile support website and look up IMEI number for any Z5.

  • Kitsilano69852

    version 32.4.A.1.54. is not available.

  • Tony Batty

    I have a better idea, lets sue them for not providing the support that should come with these expensive phones. A Class Action Law Suit would do quite nice. Probably that will solve the issue we currently face and have them know that we their Most Valued Customers deserve much better from a Company the likes of Sony. Which I know has faithful customers in all aspects of their electronic devices, be it a phone, TV, Stereo and others. We should come together as one and even not support or buy anymore phones in the future unless they change their policy for good.

  • F Michael

    Good luck with that. I live in Taiwan so I can’t do that unfortunately.

Previous post:

Next post: