By May 27, 2009

Android OTA Security Update

image Our friends over at Phandroid are reporting that a security update has been released for Android devices that have been updated with the 1.5 Cupcake update. The security flaw apparently was pretty severe (at least in concept). Basically, when 2 applications by the same author are installed on your Android Device, the operating system allows the applications to share information between those applications without requiring verification by the user. The vulnerability would allow application developers to bypass the system of inter-application signature checking, essentially gaining access from other applications NOT written by that developer.

Start talking about applications from Visa, your bank, or applications that might have other sensitive data and that is a potentially severe security flaw.This affected the following versions of Android:

  • 1.5 CRB17
  • 1.5 CRB42

The “fixed” version is listed as “1.5 CRB43? and the flaw doesn’t affect 1.0 and 1.1

via Phandroid

Posted in: Phones

About the Author:

Seasoned tech blogger. Host of the Tech Addicts podcast.
Loading Facebook Comments ...

Post a Comment

No Trackbacks.