Security Bytes

Mar 5 2008   11:46AM GMT

Pen testers find holes in Google’s Android SDK

Leigha Cardwell

The folks over at penetration testing firm Core Security Technologies are ringing the alarm bell for flaws they’ve uncovered in Google’s Android SDK.

According to an advisory from the company:

“Several vulnerabilities have been found in Android’s core libraries for processing graphic content in some of the most used image formats (.png, .gif and .bmp). While some of these vulnerabilities stem from the use of outdated and vulnerable open source image processing libraries, others were introduced by native Android code that uses them or that implements new functionality. Exploitation of these vulnerabilities to yield complete control of a phone running the Android platform has been proved possible using the emulator included in the SDK, which emulates a phone running the Android platform on an ARM microprocessor.”

The affected versions are as follows:

  • Android SDK m3-rc37a and earlier are vulnerable to several bugs in components that process .gif, .png and .bmp images.
  • Android SDK m5-rc14 is vulnerable to a security bug in the component that processes .bmp images.

Google sent this response to Core:

“The current version of the Android SDK is an early look release to the open source community, provided so that developers can begin working with the platform to inform and shape our development of Android toward production readiness. The Open Handset Alliance welcomes input from the security community throughout this process. There will be many changes and updates to the platform before Android is ready for end users, including a full security review.”
