Google issues patch for major Android security flaw to OEM partners


Google (NASDAQ:GOOG) is distributing a patch to manufacturing partners to fix a major vulnerability affecting its Android mobile operating system. 

The vulnerability, identified last week by mobile security solutions firm Bluebox, allows hackers to modify APK code without breaking an application's cryptographic signature, creating malicious Trojans that go undetected by the app store, device or consumer. The flaw dates back at least as far as the fall 2009 release of Android 1.6, codenamed "Donut," and it could impact any Android phone released in the last four years (close to 900 million units in all, or roughly 99 percent of all devices running the Google OS).

Google's Android Communications Manager Gina Scigliano told ZDNet that she could "confirm that a patch has been provided to our partners. Some OEMs, like Samsung, are already shipping the fix to the Android devices."

Android device owners have little to worry about while waiting for hardware vendors to deliver the update. "We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools," Scigliano said. "Google Play scans for this issue and Verify Apps provides protection for Android users who download apps to their devices outside of Play."

Mobile malware threats surged 614 percent between March 2012 and March 2013 to eclipse 275,000 total malicious apps, according to a Juniper Networks report issued late last month. Ninety-two percent of all mobile malware identified by Juniper's Mobile Threat Center targets Android, up from 24 percent in 2010. Juniper blames Android's vulnerabilities on the fragmentation afflicting the open-source platform, noting that the vast majority of devices run older versions of the OS, preventing them from receiving new security measures delivered by Google and leaving users exposed even to known threats.
