Google patches mobile OS flaw

Google Inc. has rolled out a security patch for a flaw found
last week in its Android operating system for mobile devices.


The over-the-air-patch appears as an update in T-Mobile's G1
phone and in other devices that can run the Linux-based OS. The
phones prompt the user to accept the update "now" or "later" but a
restart is needed for the patch to take effect.


Last week, security pros at Baltimore-based Independent Security
Evaluators described the problem, explaining that users of
Android-enabled phones could be exposed to hacks when routed to a
malicious Web page. Upon visiting the malicious site, the attacker
can run any code they wish based on the privileges of a Web browser
application.


Depending on how a mobile handset was configured, an attacker
could have access to elements such as cookies and saved passwords
but would not be able to access other functions, Independent
Security Evaluators said.


The flaw remains limited because of Android's open source
architecture. Given the nature of real-time development in the open
source community, it can be difficult to roll out a product but
relatively easy to fix holes. Developers have ready access to the
source code, which is constantly being enhanced.


Jabulani Leffall's work has appeared in the Financial
Times of London, Investor's Business Daily, The Economist
and CFO Magazine, among others.



inside gcn

  • automated security (Oskari Porkka/Shutterstock.com)

    How to create a secure cyber environment

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group