Google plugs first Googlephone flaw
Welds patch onto Android
Google has responded to the discovery of a security bug by pushing out the first patch for its Android mobile phone platform.
Users of the G1, developed by HTC, was patched over the weekend in response to the discovery of a flaw in its browser software on 24 October. The bug was discovered by Charlie Miller, Mark Daniel and Jake Honoroff of Independent Security Evaluators who described the flaw as potentially serious.
The bug arose because Google bundled outdated open source components, which were vulnerable to attack, into the phone's software. Potential attack scenarios included lifting cookies used for accessing websites, saved passwords and information entered into web forms. More serious attacks - such as making phone calls - were never on the cards.
Screenshots of the patch downloading and installing can be found in a story by CNet here. ®