Android OTA Security Update
Our friends over at Phandroid are reporting that a security update has been released for Android devices that have been updated with the 1.5 Cupcake update. The security flaw apparently was pretty severe (at least in concept). Basically, when 2 applications by the same author are installed on your Android Device, the operating system allows the applications to share information between those applications without requiring verification by the user. The vulnerability would allow application developers to bypass the system of inter-application signature checking, essentially gaining access from other applications NOT written by that developer.
Start talking about applications from Visa, your bank, or applications that might have other sensitive data and that is a potentially severe security flaw.This affected the following versions of Android:
- 1.5 CRB17
- 1.5 CRB42
The “fixed” version is listed as “1.5 CRB43? and the flaw doesn’t affect 1.0 and 1.1
via Phandroid
No Trackbacks.