Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
A researcher at security firm Alert Logic has published code that could be used to compromise some versions of Google's Android Operating System. The exploit, if properly adapted, could make Android phones vulnerable to remote attacks and compromises.
At least it is fixed in 2.2, but as of right now 2.1 still has a slight lead over 2.2 in terms of userbase (it should be noted that no devices currently use 2.0 anymore). Hopefully more devices will get pushed from 2.1 to Froyo, or maybe now directly to Gingerbread (2.3). At the very least, if the manufacturers don't plan on upgrading their devices past 2.1, they can at least issue a fix for the browser itself.
In fact, issues like this may be a sign it is time for Google to break the Browser out of the main OS like they have recently done with the GMail and YouTube apps. By separating the application from the core OS, Google is able to remotely upgrade that specific application without having to get the vendors to issue a whole new firmware upgrade.
At least it is fixed in 2.2, but as of right now 2.1 still has a slight lead over 2.2 in terms of userbase (it should be noted that no devices currently use 2.0 anymore). Hopefully more devices will get pushed from 2.1 to Froyo, or maybe now directly to Gingerbread (2.3). At the very least, if the manufacturers don't plan on upgrading their devices past 2.1, they can at least issue a fix for the browser itself.
Maybe, there are no devices shipping with 2.0, but 1.6 (and, I think, even more tragically, 1.5) are still shipping. And I can't really see definitive information on how far back this bug actually goes.
Worse still, when a phone ships with an OS, it often keeps that OS version for all of its life. A few get some kind of third party mod to a more recent OS version, and some get a manufacturer/provider upgrade, but, as far as I can tell, this remains a minority sport.
Quote:
In fact, issues like this may be a sign it is time for Google to break the Browser out of the main OS...
Now, that would be a really good idea that Google should adopt. Not doing it encourages people to use third party browsers, which seems to undermine any gain Google get from the whole Android business.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Researcher Publishes Android Browser Exploit
