Over 1 Billion Android Devices Under Security Threat!

Google’s open source mobile platform, Android, has always been a target for attackers. Android gives developers access to a wide range of APIs, which opens up a number of possible vulnerabilities. According to a recent report, a security bug is affecting one billion Android devices.

The report, published by Tod Beardsley, a security expert and Rapid7 analyst, places the problem in Android WebView on devices running old Android versions. WebView lets apps show web pages within them without opening a separate web browser application. Google replaced this component in Android v4.4 (KitKat). However, Google did not push any update for older versions of the Android OS.

Most recently, Google responded to a request from a Pakistani security researcher, stating that it will not develop any security patches for web browser bugs in Android v4.3 (Jelly Bean) or earlier. However, if a third party develops a bug fix or security patch, Google will push it to these devices.

The Android WebView security vulnerability found by Tod Beardsley affects all phones running Android v4.3 and earlier, which is about 939 million devices. Google sent the same response to the request submitted by Beardsley. Google writes, “If the affected version is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.”

More than 60 per cent of Android devices are running Android v4.3 or earlier. Some hardware is not capable of running Android 4.4 or later, while in other cases OEMs are still working on patching AOSP Android with their custom UI. If you are running Android 4.4 (KitKat) or 5.0 (Lollipop), you have nothing to worry about. Otherwise, you have to wait for your phone’s manufacturer to push an Android update.

