Android Vulnerability So Dangerous, Users Warned Not to Use Phone's Web Browser
Over the weekend at the Schmoocon hacker conference in Washington D.C., security researcher Charlie Miller presented a new vulnerability in Google's mobile OS Android which allows hackers to remotely take control of the phone's web browser and related processes. If a phone became compromised, the hackers could gain access to the saved credentials stored in the browser and browser history. They could also snoop on your web transactions, even if encrypted.
The current vulnerability is contained in code written by the software company PacketVideo who contributed an open version of their Core multimedia application framework to Android, where it became the multimedia subsystem for the Android web browser.
Once discovered, Miller notified Google of the flaw on January 21st. When Andy Greenberg reported on the issue for Forbes last week, he quoted a Google spokesperson as saying that a fix will be issued "as soon as it becomes available."
Strangely though, a fix is currently available and has been since February 7th. However, Google has not pushed it out to Android phones. Instead, the patch sits here in Google's source code repository which, says Miller, is "irrelevant" as "what matters is what Joe Consumer is carrying in his pocket." He also wonders why Google waited for PacketVideo to contribute the code when it was something Google could have very easily - and quickly - fixed for themselves.



:

