Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
 
Latest Comments
"Good! Its very good blog the for the people who are having debit collection and credit report ..."
on Fake Microsoft anti-spyware site stealing credit card info
by identity theft lawyers | Jul 4, 2009 6:55 PM
 
"nothing"
on Ads on Facebook serving up adware
by UMAIR | Jul 4, 2009 5:54 PM
 
"Thank you "
on Search engine promises completely private surfing
by Dr. Holub | Jul 4, 2009 11:17 AM
 
"Agree that wireless hotspots are an easy way for hackers to gather information from connected ..."
on New devices make hotspots a hacker's paradise
by Patrick Hooper | Jul 3, 2009 4:06 AM
 
"Katarzyna what has this got to do with Symantec?? "
on Mobile phone directory service faces consumer uproar
by PaulC | Jul 2, 2009 12:55 PM
Other

Vulnerability patched in Google's Android-powered phone

  • Email a Friend
  • Print Page
Related Articles
By Angela Moscaritolo
Nov 5, 2008 9:45 AM
Tags: Vulnerability | patched | in | Google's | Android-powered | phone
Google and T-Mobile late last week began rolling out a patch to users of the G1 phone to address a security vulnerability in the Android operating system.
Google and T-Mobile late last week began rolling out a patch to users of the G1 phone to address a security vulnerability in the Android operating system, a Google spokesman confirmed to SCMagazineUS.com Monday.
The patch does seem to fix the problem, Charlie Miller, a security researchers with Independent Security Evaluators (ISE) who discovered the flaw, told SCMagazineUS.com Monday.
The vulnerability was discovered in October by Miller and ISE researchers Mark Danie and Jake Honoroff, just days after the Android went on sale. The problem originally was publicized in The New York Times.
The bug was related to the 80-plus open-source packages on which the Android operating system is based. The vulnerability was fixed in the newest versions of the software, but Google had used an older version of one package that was still vulnerable, Miller said.
The bug was located in a library called "webkit" that runs the HTML and JavaScript for the web browser, Miller said.
As a result of the vulnerability, if a user visited a malicious web page, an attacker could have gained access to saved passwords, information entered in web form fields and cookies used to access sites, Miller said.
“We treated it very seriously,” a Google spokesman said of the vulnerability. “It came to light in late October and we worked with T-Mobile to get the patch rolled out to the G1s.”
When researchers initially notified Google of the vulnerability, Google asked they not make the information public. ISE released information about the vulnerability but kept details to a minimum before the patch was issued as to not aid those who might have wanted to exploit the flaw.
The New York Times said Google believed Miller broke an “unwritten code” by disclosing the vulnerability before the internet giant patched it.
“I'd say that if I hadn't alerted everyone it would have taken a lot longer [to patch],” Miller said.
Users will have a notice on their phone asking whether they want to update, the Google spokesman said.


See original article on scmagazineus.com

Secure Computing Magazine

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Exclusive Data Centre - Sponsored Content by Microsoft
 
Patch Management Whitepapers
 
Popular Tags
adobe authentication bloggers browser directshow fix flaw hacker manager mcafee microsoft mobile patch patches pdf phone privacy reader vulnerability wsus