Google patches mobile OS flaw
- By Jabulani Leffall
- Nov 05, 2008
Google Inc. has rolled out a security patch for a flaw found
last week in its Android operating system for mobile devices.
The over-the-air-patch appears as an update in T-Mobile's G1
phone and in other devices that can run the Linux-based OS. The
phones prompt the user to accept the update "now" or "later" but a
restart is needed for the patch to take effect.
Last week, security pros at Baltimore-based Independent Security
Evaluators described the problem, explaining that users of
Android-enabled phones could be exposed to hacks when routed to a
malicious Web page. Upon visiting the malicious site, the attacker
can run any code they wish based on the privileges of a Web browser
Depending on how a mobile handset was configured, an attacker
could have access to elements such as cookies and saved passwords
but would not be able to access other functions, Independent
Security Evaluators said.
The flaw remains limited because of Android's open source
architecture. Given the nature of real-time development in the open
source community, it can be difficult to roll out a product but
relatively easy to fix holes. Developers have ready access to the
source code, which is constantly being enhanced.
Jabulani Leffall's work has appeared in the Financial
Times of London, Investor's Business Daily, The Economist
and CFO Magazine, among others.