Google Releases Fix For Major Android Flaw To OEMs


Google has released a fix to its Android OEMs for the master security hole unearthed by Bluebox Security, according to ZDNet. The publication gained confirmation from Google's Android Communications Manager, Gina Scigliano, yesterday that "a patch has been provided to our partners". She also told it that "some OEMs, like Samsung, are already shipping the fix to the Android devices".

 

We've reached out to Google with additional questions and will update this post with any response. The flaw apparently allows a hacker to turn a legitimate app into a malicious Trojan by modifying APK code without breaking the app's cryptographic signature. Google has already modified its Play Store's app entry process to scan for the exploit so apps that have been modified using this vulnerability can no longer be distributed via Play.

 

Bluebox Security discovered the hole in Android's code base - which it claims potentially affects 99% of Android devices - back in February, and disclosed it to Google at that time, but only made it public last week. Samsung's Galaxy S4 was named then as one Android device that had already been patched - so it's likely that handset is the device Scigliano is referring to when she cites Samsung already shipping a fix. We've asked Samsung to confirm which other handsets, if any, it's now shipping fixes for.

 

The problem for Android users is that even though Google has now apparently released a fix to its OEMs, they still have to wait for the maker of their particular handset to implement and ship the fix - and potentially also for their carrier to test it with any skin or additions they have added on top of Android before they too release an update. Having to hang around to get updates is a byproduct of the openness and fragmentation of the Android ecosystem.

 

Still, it doesn't sound like this particular Android flaw has been widely exploited thus far. Scigliano told ZDNet: "We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools. Google Play scans for this issue - and Verify Apps provides protection for Android users who download apps to their devices outside of Play."

 

http://techcrunch.com/2013/07/09/google-plugs-android-hole/

And it will take the carriers at least 6 months to push this out to their customers lol.

 

OP says Samsung already patched theirs.  Good luck with HTC tho. I am sure the Nexus devices will be soon.

OP says Samsung already patched theirs.  Good luck with HTC tho. I am sure the Nexus devices will be soon.

Yeah Samsung is pretty on the ball, but carriers like AT&T take their sweet ass time pushing the fixes out.  They have to add their bloatware to the new ROM revision first.

Yeah Samsung is pretty on the ball, but carriers like AT&T take their sweet ass time pushing the fixes out.  They have to add their bloatware to the new ROM revision first.

 

Don't see why Google doesn't make these kind of patches available to install by a link from their site.  Take the OEM and carriers out of it. Especially if it is a major fix.

Don't see why Google doesn't make these kind of patches available to install by a link from their site.  Take the OEM and carriers out of it. Especially if it is a major fix.

I agree, but then heaven forbid that it stopped the phone working with that particular carrier's network, people would lose their minds.

 

I do agree though this needs to be fixed, why on earth carriers have so much control over a phone when all they do is patch a call through...

And it will take the carriers at least 6 months to push this out to their customers lol.

And many HTC customers won't ever receive a patch.
