Core Security Technologies has published a CoreLabs Advisory, “Multiple vulnerabilities in Google’s Android SDK” which explains:
Several vulnerabilities have been found in Android’s core libraries for processing graphic content in some of the most used image formats (PNG, GIF an BMP). While some of these vulnerabilities stem from the use of outdated and vulnerable open source image processing libraries, otherss were introduced by native Android code that use them or that implement new functionality.
Exploitation of these vulnerabilities to yield complete control of a phone running the Android platform has been proved possible using the emulator included in the SDK, which emulates phone running the Android platform on an ARM microprocessor.
This advisory contains technical descriptions of these security bugs, including a proof of concept exploit to run arbitrary code, proving the possibility of running code on Android stack (over an ARM architecture) via a binary exploit.
Full advisory here.
Ouch. Definitely not good news for Google.
Needs a catchier headline though, like “Army of Zombie Androids.”
And people wonder why Apple is so meticulous about releasing stuff for the iPhone.
Public relations nightmare.
Isn’t this why it’s still in BETA??????
Honestly, talk about tin foil hats…
Don’t knock tin foil hats . . . they keep the aliens from reading my thoughts.
Just another reason why I don’t use anything created by Google.
I agree, This is why companies release Beta editions first. Granted, Google has a long tradition of making things Beta for 2 or more years.
I expect apple to release a Beta of the SDK today and not release the full version until June.
And Who else here thinks the “Android” name will change when the 1.0 version is released. I don’t like it as a name for an operating system. I think they can do better.
Does this post mean that Android is an official competitor of the iPhone? A declaration of war by MDN? Are we gearing up to take it on? Is it going to be the iPhone fanboys and fangirls against the Android squad?
“Army of Zombie Androids.”
Or Cheney’s staff.
my hats are lined with gold foil inside a triple layer of aluminum, with a kevlar and nomex lining for heat resistance and all day comfort.
And it has an apple logo on the front.
Well, if Google are gonna run Android as a Beta for two-odd years, I guess we can expect Micro$oft to keep Beta-testing Vista for the next several…
“…Don’t knock tin foil hats . . . they keep the aliens from reading my thoughts…”
…not to mention the CIA, ATF and James Carville..
To recap, there’s an army of wireless, robotic hats infected with a virus. Don’t tell Michael Bay.
Where’s all the news about Windows Vista viruses? You’re slacking MDN.
Does google have anything that is not a beta?
I thought that was there M.O., slap something together , release it, claim it is a beta and improve it over the next century.
This is exactly why I hope Apple keeps an iron fist and lock on the iPhone. We hear so many whiners going on and on about how evil Apple is for bricking hacked iPhones, and how important it is that they be able to run apps on the iPhone, but they only give lip service to security.
I don’t want my iPhone hacked by loner malcontents who have nothing better to than to harass people through their technology. Please Apple, keep the iPhone safe. Keep it secure and don’t let the nerds worm their way into what is a very good thing!
Isn’t this why it’s still in BETA??????
True, but is anything from Google not a Beta?
This is the beauty of Open Source. These things will be fixed asap, ensuring security for the time being, until someone else finds a hole. I have a lot of confidence in Google. They are a very interesting counterpart to Apple. One is very open and collaborative, while the other is tight-lipped and meticulous. Both accomplish their goals quite well.
Google is a very confusing world. if you can trust on it ten you have allowed it to access your everything. I read http://teacherhabits.com/5-effective-techniques-for-improving-student-performance-with-the-help-of-psychology/ article which is best for students to understand such topics. Multiple security vulnerabilities in Google’s Android SDK can give hackers complete control of phone that is not the good news. We trust in google but google doesn’t.
I am pretty happy to read about his stuff.