Google and T-Mobile push patch for Android security flaw

Summary: During the weekend, Google and T-Mobile pushed a patch fixing the security flaw in Google's Android that was disclosed last week. The flaw and the PoC were communicated to Google on October 20th; the vulnerability itself was made possible by Android's use of outdated third-party software packages.


"Users of the G1 Android phone on Friday have begun receiving a software update that fixes a flaw that security researchers found earlier in the week. The update included the fix to the browser vulnerability and a couple of other minor changes as well, said Michael Kirkland, a Google spokesman. Every user of the G1 may not have gotten the update yet but should within a short time frame, he said. Google worked with T-Mobile USA, the only operator selling the device, to push the update out to users. The G1 went on sale last week, and T-Mobile has not disclosed how many have sold so far."

The same issue occurred back in March, when multiple vulnerabilities were reported in Google's Android SDK, the exploitation of which was once again made possible by the use of outdated open source image processing libraries. If there's a pure Android security flaw that you're looking for, try the outdated software packages running on it for starters -- a situation pretty similar to Microsoft's recent emphasis on how the exploitation of third-party applications undermines their security.

Topics: Mobility, Android, Google, Security

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community...
