Google patches Android security flaw
T-Mobile and Google are distributing a patch to close a browser security hole that came to light in late October. For me, the update went smoothly.
- Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
Google has begun distributing a patch to its Android mobile phone operating system, an early test for how nimbly the company can respond and how well the infrastructure works to distribute and install updates.
For the Android test phone I'm using, a T-Mobile G1, the update was smoother than the process by which the software problem came to light publicly on October 24.
The handset I'm testing gave me a message Saturday afternoon: "A system update is available," and a choice to update now or later. When I clicked the button to begin the update, it downloaded new software, which took a few minutes, then installed it, then resumed working with no hitches.
The patch fixes the highly publicized security problem with Android's Web browser and makes a few other minor changes, according to a Google spokesman quoted in IT World on Friday.
The researchers--Charlie Miller, Mark Daniel, and Jake Honoroff of Independent Security Evaluators--called the Android Web browser flaw serious, but Google said its severity was mitigated by Android's design, which restricts each program to its own area.
Earlier, Google appealed for what it called "responsible disclosure" of security vulnerabilities--in other words, a grace period to fix problems before they're made public to reduce the likelihood an attacker will get a chance to exploit a vulnerability. There's an ages-old tension between companies that want to fix their products and security researchers who want to get the word out, in part because attackers also are trying to find the vulnerabilities.
Google didn't respond to a request for comment Saturday.
