Android Open Handset Developers Community

 
It is currently Tue Jan 06, 2009 2:24 am

View unanswered posts | View active topics



Information: A new forum for discussions on the new coming HTC Dream handset is available !

Board index » ANDROID - An Open Handset Alliance Platform » General » ANDROID platform

All times are UTC


recent topics
 Topics   Replies   Views   Last post 
No new posts Attachment(s) G1 versus iphone.. not too much serious

by barban on Thu Nov 06, 2008 6:06 pm in Relaxing Lounge

0

76

Thu Nov 06, 2008 6:06 pm

barban

No new posts Security vulnerability in Android web browser

by barban on Tue Oct 28, 2008 1:56 pm in ANDROID platform

1

56

Tue Oct 28, 2008 1:56 pm

barban

No new posts Gears and Android

by barban on Sat Jul 19, 2008 3:21 pm in ANDROID platform

3

137

Sat Jul 19, 2008 3:21 pm

barban

No new posts Mobile Application Developer Survey - Coming to a Close!

by vision-vanessa on Fri Jun 27, 2008 8:23 am in News & Announcements

0

150

Fri Jun 27, 2008 8:23 am

vision-vanessa

No new posts Mobile Application Developer Survey - Have Your Say!

by vision-vanessa on Mon Jun 02, 2008 7:06 am in News & Announcements

0

170

Mon Jun 02, 2008 7:06 am

vision-vanessa




Post new topic Reply to topic  Page 1 of 1
  [ 2 posts ] 
  Print view Previous topic | Next topic 
Author Message
Zoltan
 Post subject: Security vulnerability in Android web browser
PostPosted: Sat Oct 25, 2008 9:39 pm 
Offline

Joined: Thu Dec 27, 2007 2:12 pm
Posts: 29
Hi all,
a couple of days after the market lunch of T-Mobile G1, security experts (not malicious guys) have found a serious vulnerability on the Android 1.0 web browser: the browser may be exploited by visiting a malicious page, so that an attacker can run arbitrary code with the same privileges of the web browser application. It seems that this vulnerability was found and fixed some time ago, but it is still in the Android code due to the fact Google did not use the most up to date versions of all the open source packages that are used in the current version of the platform.

We can console ourselves :mrgreen: by knowing that the impact of this attack is somewhat limited thanks to the Android sandboxing mechanism of each applications with respect to the phone's enviroment. Apple's iPhone, for example, does not have this feature and all the phone's features can be accessed by means of a compromised application.
Top
 Profile  
 
barban
 Post subject: Re: Security vulnerability in Android web browser
PostPosted: Tue Oct 28, 2008 1:56 pm 
Offline

Joined: Thu Dec 27, 2007 6:09 pm
Posts: 49
Hi all,
don't be too much worried: Google has already patched this security hole in the Android code: the patch has been also already released to G1 users by means of an OTA (over the air) software update the day after the official launch of the phone.

How-to check the software version currently used: Menu -> Settings -> About phone -> Build number.

First original G1 release: RC19 (security hole present) :twisted:
Updated G1 release: RC28 (security hole fixed) :mrgreen:

Best,
barban
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 2 posts ] 

Topic Tags

Android G1, Apple, application, bug, fix, how-to, Iphone, OTA, release, sandbox, security, vulnerability, web browser


Board index » ANDROID - An Open Handset Alliance Platform » General » ANDROID platform

All times are UTC


Who is online

Users browsing this forum: No registered users and 0 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
phpBB SEO

This site is not affiliated with nor endorsed by the Open Handset Alliance.
All trademarks and logos used in this site are of properties of their respective owners.