If you thought you had seen the last of Android Gingerbread’s security vulnerabilities, you are mistaken. A critical bug has been ‘re-discovered’ that enables remote viewing of your files.
Xuxian Jiang, a researcher the University of North Carolina stateside, came across a bug that was originally exposed last year on Android 2.2, AKA Froyo, by security expert Thomas Cannon, but was supposedly patched. It revealed a serious flaw in the stock Android browser that allowed hackers to remotely gain access to files stored in the handset’s SD card.
Jiang has found a way to bypass Google’s patch on none-other-than the latest iteration of Android, Gingerbread, and has already notified Google of the issue with the necessary code to reproduce the hole. The Android team has responded swiftly to look into the problem with an “ultimate fix”. However, the latest discovery deals another embarrassing blow to the search giant, which has only just patched an equally embarrassing SMS bug that sent text messages to the wrong recipients.
Fortunately for Google, security specialists have been the first to uncover the majority of the bugs, but the risk remains very real if the exploits were to fall into the wrong hands.
Google has yet to confirm when this “ultimate fix” will arrive, so in the meantime we advise that you pay close attention to the URL of any website you browse.
Source: Dept. of Computer Science, North Carolina University