The Google Android SDK for developing mobile applications contained a slew of vulnerabilities, including a passwordless root account.
Since the end of January, Google received reports about its The trio of vulnerabilities detected by Core all concerned the processing of images by Android's web browser. Core said the flaws in processing GIF, BMP, and PNG images could have enabled a malicious website to attack the platform and ultimately execute arbitrary code. A little sloppiness, not on Google's part, could be to blame for the problems Core found. They noted the use of an outdated libpng reference library for handling PNG images in a library used by Android. Google has since updated Android with a current version of libpng that should eliminate that particular problem. Fixes for the GIF and BMP issues arrived with newer SDK releases. However, followup research by Core found the root account arriving without a password by default. "Unprivileged users with shell access can simply use the su program to gain privileges," said Core.Google Android Had Some Glitches
0 views
Comments (0)
Please sign in to leave a comment.
No comments yet. Be the first to comment!