Notification Center

This is our new notification center. Inside, you will find updates on the most important things happening right now.

Notifications

Hmm, push notifications seem to be disabled in your browser. You can enable them from the 'Settings' icon in the URL bar of your browser.

www.phonearena.com

Android 4.3 has dangerous, but difficult to exploit, security flaw

28
Android 4.3 has dangerous, but difficult to exploit, security flaw
Whenever there is a security flaw found in any mobile platform, people tend to go a bit overboard, but that is never more apparent than when dealing with Android. Android has the reputation of being a haven for malware (which is only true if you have to rely on un-trusted sources for apps), so when IBM reported a security flaw in Android 4.3, the response was unsurprisingly alarmist.

The problem started with IBM itself. IBM security researchers found the flaw back in September, and reported it to the Android Security Team at Google. Somehow, although IBM found the flaw nine months ago, the company mistakenly thought that the flaw affected all Android versions up to 4.3, but that wasn't accurate (although it has been reported that way from various outlets). In fact, the flaw only affects Android 4.3 and doesn't cause problems with any versions before or after. So, the flaw is only a problem for about 10% of the ecosystem.

The security flaw itself is a relatively dangerous one, which could allow malicious hackers to gain access to the Android KeyStore and uncover user banking and virtual private network credentials, PINs, and unlock patterns. That sounds pretty bad, but it turns out that there are fail-safes built into Android, like data execution prevention and address space layout randomization, which make exploiting the flaw very difficult. And, a hacker would also have to get a helper app installed on the target device in order to fully exploit the flaw. Of course, any flaw in the KeyStore is a serious matter; so, if you're stuck on 4.3, you should start bugging your manufacturer to update. And, as usual, be careful about side-loading apps because that's your best defense. 

source: IBM via Ars Technica

New reasons to get excited every week

Get the most important news, reviews and deals in mobile tech delivered straight to your inbox

FCC OKs Cingular\'s purchase of AT&T Wireless