Research firm: Google Android SDK has multiple vulnerabilities

Summary:Google's Android SDK is facing multiple vulnerabilities that are remotely exploitable, according to Core Security Technologies.In an advisory, Core Security noted heap and interflow overflow issues with Android and reserved eight CVE identifiers.

Google's Android SDK is facing multiple vulnerabilities that are remotely exploitable, according to Core Security Technologies.

In an advisory, Core Security noted heap and interflow overflow issues with Android and reserved eight CVE identifiers.

Core noted:

Several vulnerabilities have been found in Android's core libraries for processing graphic content in some of the most used image formats (PNG, GIF an BMP). While some of these vulnerabilities stem from the use of outdated and vulnerable open source image processing libraries other were introduced by native Android code that use them or that implements new functionality.

Exploitation of these vulnerabilities to yield complete control of a phone running the Android platform has been proved possible using the emulator included in the SDK, which emulates phone running the Android platform on an ARM microprocessor.

The company also outlined a proof of concept exploit with technical descriptions of each. It's worth a read. However, Android is a work in progress so fixes for these vulnerabilities are likely to be implemented.

More reading:

Topics: Android, ARM, Google, Mobile OS, Open Source, Security

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.