Android devices not running either the KitKat or Lollipop versions of the operating system – of which there are approximately 939 million devices – have been found to have a vulnerability in Android WebView, leaving the software open to attack. Google has been aware of the problem for months, but is yet to provide an update or patch to fix it.
The vulnerability in Android WebView allows apps to display web pages without opening a separate app window, meaning access to WebView potentially gives a hacker access to other apps and services on the phone or tablet.
Tod Beardsley of security researchers Rapid7 contacted Google regarding the matter. He was told: “If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.”
“Google’s reasoning for this policy shift is that they ‘no longer certify 3rd party devices that include the Android Browser’, and ‘the best way to ensure that Android devices are secure is to update them to the latest version of Android’,” Beardsley said. “On its face, this seems like a reasonable decision. Maintaining support for a software product that is two versions behind would be fairly unusual in both the proprietary and open source software worlds.”
Source: BGR
According to a new report, the GeForce RTX 5090 GPU will be very expensive. It…
A new AMD processor in the form of an engineering model has been leaked in…
SK Hynix has claimed to be the first company to mass-produce 321-layer NAND memory chips.…
SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…
Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…
Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…