Sensationalist title. This affects every implementation of WPA2. It's just that Android was "exceptionally devastating" in that you could use an all-zero key. This just makes it easier.
Google hasn't been perfect, but they have had, and continue to improve, ways of addressing the update problem. If you are a first tier OEM you have the clout to make your chip vendors update their BSPs and support them for a decent length of time, and you have the resources to update your customers' phones. If you are a lower tier OEM, you should have gone with Android One, and shipped a more up-to-date Android in the first place and dumped the update problem on Google.