Google throws nearly a billion Android users under the bus, refuses to patch OS vulnerability

Discussion in 'Android Phones' started by ireland, Jan 13, 2015.

  1. ireland

    ireland Active member

    Google throws nearly a billion Android users under the bus, refuses to patch OS vulnerability

    When it comes to providing security updates for previous products, various manufacturers have pursued different strategies. Some, like Microsoft, tend to provide security updates long after they’ve stopped selling an operating system (Microsoft only stopped providing Windows XP support last year). Others, like Google and Apple, have pursued tighter timelines for security updates. Google is now doubling down on that schedule, refusing to patch bugs in Android 4.3 or prior, even when those bugs could expose critical vulnerabilities on nearly a billion devices.

    The flaws in this case affect Android 4.1 to 4.3, aka Jelly Bean, which began shipping in mid-2012 and was the primary version of Android through late 2013, or roughly 14 months ago. Up until quite recently, Google has aggressively patched problems in Android’s WebView rendering engine. Before KitKat (Android 4.4), all versions of Android used the version of WebView found within the Android Browser for rendering HTML webpages. With KitKat and Lollipop, Google updated the operating system to use a WebView plugin derived from its Chromium project.

    When security firm Rapid7 discovered a new exploit in the Android Browser version of WebView, it contacted Google to inform the company that Android 4.3 and below were vulnerable. Google’s response and policy change are raising major eyebrows. Specifically, the company states that:

    If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.

    READ MORE HERE

    http://www.extremetech.com/mobile/1...ign=Feed:+ziffdavis/extremetech+(Extremetech)
     
  2. aldan

    aldan Active member

    Funny thing here is Google was just ripping MS about their lack of patches for vulnerabilities. Kinda like the pot calling the kettle black.
     
  3. ddp

    ddp Moderator Staff Member

    2nd that.
     
