Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • IT Management
    • Servers

    Google Android Bug Not as Bad as Feared, Security Researcher Says

    By
    Brian Prince
    -
    February 13, 2009
    Share
    Facebook
    Twitter
    Linkedin

      A security researcher is backing away from a warning he issued about the Google Android operating system.

      Charles Miller, principal security analyst at Independent Security Evaluators, discovered a vulnerability in the multimedia subsystem Android uses for its browser. The bug, which exists in PacketVideo’s OpenCore media library, is an integer underflow during Hoffman decoding that causes improper bounds checking when writing to a heap allocated buffer.

      Although Miller initially said the bug could be exploited to run arbitrary code in the browser, he stated late Feb. 12 that the vulnerability wasn’t as serious as he first thought.

      “While the bug can be activated by the browser, the actual code that would be executed by a successful attack would run in the media player, not the browser,” he said. “This means it would live in the media player sandbox and not the browser sandbox, and would presumably have different capabilities. I haven’t actually investigated the media player sandbox at this point, so I can’t say for sure.”

      “This makes the bug less dangerous than I thought,” he concluded.

      After Google was notified of the vulnerability, it contacted PacketVideo, T-Mobile and oCERT, a public Computer Emergency Response Team, a Google spokesman said Feb. 12. PacketVideo developed a fix on Feb. 5 and patched open-source Android two days later.

      “We offered the patch to T-Mobile when it became available, and G1 users will be updated at T-Mobile’s discretion,” a Google spokesperson said at the time.

      The spokesman explained that Android’s media server works within its own application sandbox, mitigating against the type of damage Miller first alleged. Security issues in the media server would not affect other applications on the G1 phone such as e-mail, the browser, SMS (Short Message Service) and the dialer, the spokesman added.

      “If the bug Charlie reported to us on Jan. 21 is exploited, it would be limited to the media server and could only exploit actions the media server performs, such as listen to and alter some audio and visual media,” the spokesperson said.

      Avatar
      Brian Prince

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×