It's been more than a month since researchers reported two serious security vulnerabilities in Android, but so far there's no indication when they will be purged from the Google-spawned operating system that's the world's most popular smartphone platform.
Oberheide and Lanier are set to teach a two-day mobile security training course at SOURCE Barcelona this November where they will presumably refer to this and other Android vulnerabilities. Let's hope, for the sake of Android's reputation, that these things are resolved much sooner.
The first vulnerability is known as a "Permission escalation vulnerability", and allows attackers to install additional "arbitrary applications with arbitrary permissions", without first asking the user if they want to permit such actions. This would allow attackers to access call records, texts, web browsing history and media stored on the device.Oberheide and Lanier are set to teach a two-day mobile security training course at SOURCE Barcelona this November where they will presumably refer to this and other Android vulnerabilities. Let's hope, for the sake of Android's reputation, that these things are resolved much sooner.
The second bug only affects the Samsung Nexus S smartphone. It lets attackers gain root access on the device, providing them with full control over the handset. Google has yet to address the security issues.