"Reboot" Bug Part Deux: Google Details Android Fixes

You gotta hand it to Google - they may have learned how to deliver some bugs like the big leaguers, but they also act quickly to squish them splat! Following the reported "reboot" bug, where typing the word "reboot" gave users the "root" access normally reserved for administrators, Google has responded with an RC30 update that addresses this problem and, apparently, some other security issues as well.

Stephen Shankland over at CNET News lays it out in much more detail, but essentially the latest two patches, RC29 and RC30, address the following issues:

Rich Cannings of the Android security team shared details about the RC29 and RC30 updates that T-Mobile began distributing to G1 customers at least as early as November 1 and November 9, respectively. Google had acknowledged the RC29 patch for the G1 fixed a browser vulnerability that could have let an attacker use malicious code on a Web site to take over the browser. The severity of such issues is limited by Android's security design, which walls off applications into separate compartments to limit an attacker's power. But Cannings said the patch also fixed two other issues.

What are these two other issues, you ask? RC29 itself addressed a couple of issues, actually. One is a universal cross-site scripting problem that could give a ne'er-do-well control of your G1's browser. The other allowed someone to boot the G1 into safe mode, thus bypassing the locking mechanism. How nice.

The RC30 patch addresses the "reboot" problem where users could gain access to "root" privileges. It also addresses some other troubling security issues. Again, according to Rich Cannings:

RC30 also fixes two WebKit problems that Apple--which also uses the software in its Safari Browser--reported to Google, Cannings said. First is a buffer overrun issue relating to JavaScript style sheets that could let an attacker gain control over the browser by putting malicious code on a Web site. Second is a problem that could let people read what's in the phone's memory, potentially gaining access to Web site cookies and thereby gaining online privileges. "If you're logged into a bank at that time, (an attacker) could steal your banking cookies," Cannings said.

Gee, I feel safer already. Joking aside, it is nice to know that Google takes these bugs and the security issues they create seriously. Hopefully these updates will fix the problems. What do you think about the way Google has handled these issues?


Brian Hart