
Google Releases Fix For Major Android Flaw To OEMs

8 replies to this topic

#1 +techbeck

techbeck

    Neowinian Senior

  • 18,217 posts
  • Joined: 20-January 05

Posted 09 July 2013 - 13:57

Google has released a fix to its Android OEMs for the master security hole unearthed by Bluebox Security, according to ZDNet. The publication gained confirmation from Google’s Android Communications Manager, Gina Scigliano, yesterday that “a patch has been provided to our partners”. She also told it that “some OEMs, like Samsung, are already shipping the fix to the Android devices”.

 

We’ve reached out to Google with additional questions and will update this post with any response. The flaw apparently allows a hacker to turn a legitimate app into a malicious Trojan by modifying APK code without breaking the app’s cryptographic signature. Google has already modified its Play Store’s app entry process to scan for the exploit so apps that have been modified using this vulnerability can no longer be distributed via Play.

 

Bluebox Security discovered the hole in Android’s code base — which it claims potentially affects 99% of Android devices — back in February, and disclosed it to Google at that time, but only made it public last week. Samsung’s Galaxy S4 was named then as one Android device that had already been patched — so it’s likely that handset is the device Scigliano is referring to when she cites Samsung already shipping a fix. We’ve asked Samsung to confirm which other handsets, if any, it’s now shipping fixes for.

 

The problem for Android users is that even though Google has now apparently released a fix to its OEMs, they still have to wait for the maker of their particular handset to implement and ship the fix — and potentially also for their carrier to test it with any skin or additions they have added on top of Android before they too release an update. Having to hang around to get updates is a byproduct of the openness and fragmentation of the Android ecosystem.

 

Still, it doesn’t sound like this particular Android flaw has been widely exploited thus far. Scigliano told ZDNet: “We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools. Google Play scans for this issue – and Verify Apps provides protection for Android users who download apps to their devices outside of Play.”

 

http://techcrunch.co...s-android-hole/




#2 Hum

Hum

    totally wAcKed

  • 62,617 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 09 July 2013 - 14:01

Google isn't perfect ???  Windows 8 has flaws ?  Impossible.



#3 +Chris123NT

Chris123NT

    Win8 Master

  • 2,802 posts
  • Joined: 01-November 01
  • Location: New York

Posted 09 July 2013 - 14:04

And it will take the carriers at least 6 months to push this out to their customers lol.



#4 Jason Stillion

Jason Stillion

    Neowinian

  • 1,400 posts
  • Joined: 04-April 12
  • Location: United States

Posted 09 July 2013 - 14:10

Wonder when it will show up in the factory images for Nexus devices?

(Currently not showing in - https://developers.g...id/nexus/images)



#5 OP +techbeck

Posted 09 July 2013 - 14:47

And it will take the carriers at least 6 months to push this out to their customers lol.

 

OP says Samsung already patched theirs.  Good luck with HTC tho. I am sure the Nexus devices will be soon.



#6 +Chris123NT

Posted 09 July 2013 - 15:00

OP says Samsung already patched theirs.  Good luck with HTC tho. I am sure the Nexus devices will be soon.

Yeah Samsung is pretty on the ball, but carriers like AT&T take their sweet ass time pushing the fixes out.  They have to add their bloatware to the new ROM revision first.



#7 OP +techbeck

Posted 09 July 2013 - 15:02

Yeah Samsung is pretty on the ball, but carriers like AT&T take their sweet ass time pushing the fixes out.  They have to add their bloatware to the new ROM revision first.

 

Don't see why Google doesn't make these kind of patches available to install by a link from their site.  Take the OEM and carriers out of it. Especially if it is a major fix.



#8 -Deleted-

-Deleted-

    Neowinian

  • 204 posts
  • Joined: 11-March 09

Posted 09 July 2013 - 15:13

Don't see why Google doesn't make these kind of patches available to install by a link from their site.  Take the OEM and carriers out of it. Especially if it is a major fix.

I agree, but then heaven forbid that it stopped the phone working with that particular carrier's network, people would lose their minds.

 

I do agree though this needs to be fixed, why on earth carriers have so much control over a phone when all they do is patch a call through...



#9 .Neo

.Neo

    Generic User

  • 17,484 posts
  • Joined: 14-September 05
  • Location: Amsterdam, NL
  • OS: OS X Mavericks
  • Phone: iPhone 5s

Posted 09 July 2013 - 15:15

And it will take the carriers at least 6 months to push this out to their customers lol.

And many HTC customers won't ever receive a patch.