Android 2.1 and below susceptible to WebKit-based exploit

Whenever we hear of exploits in the mobile world, usually they're used for good, like rooting or jailbreaking your device.  However, a new exploit recently came to light that could potentially do some damage.  At the HouSecCon conference in Houston, MJ Keith, a security researcher with Alert Logic, wrote a piece of code that lets him run a command-line shell on a device running Android 2.1 or below when its user visits a website that contains the offending code.  The hole is in Android's WebKit-based browser, not the OS itself.  Luckily, the exploit doesn't have full access to a device thanks to the way that Android is built.  If the code does manage to work its way onto your handset, it'll have access to anything the browser can access, like photos and browsing history, as well as anything on the SD card.  Google has said that they're aware of the issue.

Since the exploit takes advantage of the WebKit-based browser in Android rather than the OS itself, you would think that iOS devices could be affected by the same code.  No mention has been made of Apple's products, though.  Google made no mention of a patch, but considering that Android 2.2 is only on 36.2 percent of devices, I imagine they'd want to get it fixed soon.  Until they do, be careful with your browsing, Android users!

Via Pocketnow, PCWorld (Image via Finding Fault)
