http://www.theregister.co.uk/2011/09/20/google_android_vulnerability_patching/

By Dan Goodin in San Francisco
The Register
20th September 2011

It's been more than a month since researchers reported two serious security vulnerabilities in Android, but so far there's no indication when they will be purged from the Google-spawned operating system that's the world's most popular smartphone platform.

The first flaw allows apps to be installed without prompting users for permission. The permission-escalation vulnerability permits attackers to surreptitiously install malware in much the way a proof-of-concept exploit researcher Jon Oberheide published last year did. In that case, an app he planted in the Android Market and disguised as an expansion pack for the Angry Birds game secretly installed three additional apps that without warning monitored a phone's contacts, location information and text messages so data could be transmitted to a remote server.

“The Android Market ecosystem continues to be a ripe area for bugs,” Oberheide wrote in an email. “There are some complex interactions between the device and Google's Market servers which has only been made more complex and dangerous by the Android Web Market.”

The second bug resides in the Linux kernel where Android originates and makes it possible for installed apps with limited privileges to gain full control over the device. The vulnerability is contained in code device manufacturers have put into some of Android's most popular handsets, including the Nexus S. The bug undermines the security model Google developers created to contain the damage any one application can do to the overall phone.

[...]

Received on Tue Sep 20 2011 - 22:36:09 PDT