Friday, October 10, 2014

45% of Android devices running vulnerable browser – Computerworld

According to security firm Lookout, approximately half of users are still using vulnerable versions of the open-source AOSP browser

IDG News Service / USA

October 9, 2014 – 11:15 am


Nearly half of Android devices have a browser that is vulnerable to two serious security problems, according to recent data from the security company Lookout, which highlights that some countries have a considerably higher rate of affected users.

The two security bugs in question were discovered last month by a security researcher named Rafay Baloch and were described as a “privacy disaster” by other experts. These flaws allow an attacker to bypass a key security barrier called the same-origin policy (SOP), which exists in all browsers.

The SOP prevents scripts from one domain from interacting with data in a different domain. For example, scripts running on a page hosted on domain A should not be able to interact with content loaded on the same page that comes from domain B.

Without this restriction, hackers can create pages that load Facebook, Gmail or other sites with sensitive information in an invisible iframe and then trick users into visiting these pages in order to hijack their sessions and read their e-mail or their Facebook messages, for example.

Affected Versions

The SOP bypass vulnerabilities discovered by Baloch affect versions prior to Android 4.4, which, according to Google, are installed on 75% of all Android devices that actively visit the Google Play Store. Android 4.4, in turn, is not vulnerable, since it uses Google Chrome as its standard browser instead of the old Android Open Source Project (AOSP) browser.
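As an added example (not part of the original article and not Lookout's methodology), a site operator could estimate its own users' exposure by flagging requests whose User-Agent reports Android below 4.4 and looks like the stock browser. The User-Agent heuristic, the function names and the sample strings are assumptions constructed for this example.

```javascript
// Constructed sample User-Agent strings (device names and build ids are placeholders).
const SAMPLE_UAS = [
  "Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; EXAMPLE-1 Build/XXXXX) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30",
  "Mozilla/5.0 (Linux; Android 4.4.2; EXAMPLE-2 Build/XXXXX) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.0.0 Mobile Safari/537.36",
  "Mozilla/5.0 (Linux; Android 4.2.2; EXAMPLE-3 Build/XXXXX) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.0.0 Mobile Safari/537.36",
  "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0",
  "Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; EXAMPLE-5 Build/XXXXX) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
];

// Extract the Android major.minor version, or null when the UA carries none.
function androidVersion(ua) {
  const m = /Android (\d+)\.(\d+)/.exec(ua);
  return m ? { major: Number(m[1]), minor: Number(m[2]) } : null;
}

// Assumed heuristic: the stock browser sends "AppleWebKit" plus a "Version/x"
// token and no token naming another browser.
function looksLikeStockBrowser(ua) {
  return /AppleWebKit\//i.test(ua) && /Version\/\d/.test(ua) &&
         !/(Chrome|CriOS|Firefox|OPR)\//.test(ua);
}

// Classify one User-Agent string against the "prior to Android 4.4" boundary.
function classify(ua) {
  if (typeof ua !== "string") return "unknown";
  const v = androidVersion(ua);
  if (!v) return "unknown";
  const pre44 = v.major < 4 || (v.major === 4 && v.minor < 4);
  if (!pre44) return "android-4.4-or-later";
  return looksLikeStockBrowser(ua) ? "affected-aosp-browser" : "pre-4.4-other-browser";
}

// Tally classifications and compute the affected share among Android clients.
function summarize(uas) {
  const counts = { "affected-aosp-browser": 0, "pre-4.4-other-browser": 0,
                   "android-4.4-or-later": 0, unknown: 0 };
  for (const ua of uas) counts[classify(ua)] += 1;
  const android = uas.length - counts.unknown;
  const share = android === 0 ? 0 : counts["affected-aosp-browser"] / android;
  return { counts, android, share };
}

console.log(summarize(SAMPLE_UAS));
```

User-Agent headers are client-supplied and can be altered, so the result is an estimate of exposure rather than proof that a given device is vulnerable.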

Patches

Google has released security patches for the two vulnerabilities through the AOSP, which serves as the basis for the custom firmware installed on Android devices by manufacturers. The task now falls on handset manufacturers, who need to import these patches and release them as firmware updates for end users.

However, history has shown that the availability of Android firmware updates varies greatly between different companies and devices, and even between countries, since local operators play an important role in distributing over-the-air updates.

This is reflected in the data on these two vulnerabilities that Lookout collected from users of its mobile security products. Overall, “approximately 45% of Lookout users have a vulnerable version of the AOSP browser installed.”

“We believe that our user base provides a good insight into how Android users, in general, are being affected by these vulnerabilities,” as Lookout employees Jeremy Linden and Meghan Kelly state in a post on the subject.
