Google plugs first Googlephone flaw
Welds patch onto Android
Posted in Mobile, 3rd November 2008 11:21 GMT
See what The Register's experts have to say on application security
Google has responded to the discovery of a security bug by pushing out the first patch for its Android mobile phone platform.
Users of the G1, developed by HTC, was patched over the weekend in response to the discovery of a flaw in its browser software on 24 October. The bug was discovered by Charlie Miller, Mark Daniel and Jake Honoroff of Independent Security Evaluators who described the flaw as potentially serious.
The bug arose because Google bundled outdated open source components, which were vulnerable to attack, into the phone's software. Potential attack scenarios included lifting cookies used for accessing websites, saved passwords and information entered into web forms. More serious attacks - such as making phone calls - were never on the cards.
Screenshots of the patch downloading and installing can be found in a story by CNet here. ®


The future of SaaS and IT infrastructure management
Essential archive requirements for eDiscovery
Image spam: the threat returns
The shortcut guide to managing certificate lifecycles

Win a Samsung C6625!
Is your cameraphone an oxymoron?
Windows 7, Bing and security: Mr Ballmer regrets
Sign up, sign up for The Register IT security newsletter