Google has responded to the discovery of a security bug by pushing out the first patch for its Android mobile phone platform.

Users of the G1, developed by HTC, was patched over the weekend in response to the discovery of a flaw in its browser software on 24 October. The bug was discovered by Charlie Miller, Mark Daniel and Jake Honoroff of Independent Security Evaluators who described the flaw as potentially serious.

The bug arose because Google bundled outdated open source components, which were vulnerable to attack, into the phone's software. Potential attack scenarios included lifting cookies used for accessing websites, saved passwords and information entered into web forms. More serious attacks - such as making phone calls - were never on the cards.

Screenshots of the patch downloading and installing can be found in a story by CNet here. ®

Related stories

• CanSecWest A grim day for browser security at hacker contest (19 March 2009)
• Google starts selling unlocked G1 (8 December 2008)
• Google silences Gmail security blogorumors (26 November 2008)
• One million Googlephones expected in '08 (25 November 2008)
• Google fixes world's most stupid bug (10 November 2008)
• Ballmer: 'Google not a major mobile competitor' (6 November 2008)
• Hackers jailbreak T-Mobile's Googlephone (5 November 2008)
• Android security, market place under fire (28 October 2008)
• T-Mobile Googlephone to hit UK in two weeks (15 October 2008)
• iPhone squares up to Android (7 October 2008)
• Jesus Phone vuln delivers fanboys to phishermen (6 October 2008)
• Google spills Satan Phone dev kit (24 September 2008)
• First Android phone to retail for $199 (18 September 2008)
• Google admits Android App Store Market (29 August 2008)
• Googlephone security team seeks bug hunters (20 August 2008)
• Analysts slam iPhone security and battery life (5 August 2008)
• iPhone Mail bug adds phishing danger (24 July 2008)