The few lucky early buyers of the Oneus One CyanogenMod-based hset are still waiting for their phones despite initial promises it would ship in mid- to-late May. Oneus, the company behind the device, recently sent emails to its small base of early smartphone shoppers, saying the phone software just received a “major update” the company was “perfecting some final issues.”
It wasn’t clear what the hold-up was, but now a Cyanogen er has stepped forward to shed a little light on the issue. On a Reddit forum posting, CyanogenMod Head Moderator Abhisek Devkota said the new OpenSSbug that became public last Thursday was to blame.
” decided to include the correction for those vulnerabilities, in the factory release of the One,” Devkota said on Reddit. “A new release means the whole firmware needs to be re-certified (including QA time), but we believe the security benefits outweigh the delay.”
Devkota also added that the last minute delay wasn’t “due to missing set deadlines or expectations.”
The OpenSSbug Devkota referred to was a critical flaw that could allow man-in-the-middle attacks to decrypt modify encrypted data transporting via SS(Secure Sockets yer) T (Transport yer Security).
The bug wasn’t quite as devastating as the Heartbleed bug discovered in April, but another major flaw further reinforced the OpenSSSoftware Foundation’s need for financial support. The bug apparently existed in the code for more than 15 years.
The Core Infrastructure Initiative (CII)—a group sponsored by Amazon b Services, Cisco, Dell, Facebook, Fujitsu, , IBM, Intel, Microsoft, NetApp, Rackspace, VMware The nux Foundation—recently announced it would give the OpenSSproject enough funds to hire two, full-time core developers.
The Oneus delay means a longer wait for the few hundred lucky folks slated to get the Oneus One first. However, fixing a critical security flaw before the phones leave the factory is well worth it indicates a willingness on the part of Oneus Cyanogen to properly serve their customers.