AndroidSecurityTeam
Latest
RC29, RC30 G1 Android updates get explained
We'd already gotten a general idea about what Google's RC29 and RC30 Android updates for the G1 did, but if you're curious about all the little details, you'll no doubt be pleased to know that the Google Android Security Team has now finally come out and explained the updates themselves. As we had heard, the RC29 update fixed a vulnerability that could potentially let malicious sites take over your browser, but it apparently also fixed two other software bugs, including a universal cross-site scripting problem that could also give someone control of the browser, and an exploit that let folks bypass Android's locking mechanism by booting the phone into safe mode. As for RC30, it apparently not only fixed that little root access issue, but two other bugs related to WebKit, which could, again, let someone take over your browser, and access to the G1's memory to, for instance, read stored cookies and gain online privileges. Google has also clarified that it intends to wait until all users have access to updates before it discloses the full details about them, so it looks like this cycle of confusion is going to be a regular occurrence for G1 owners.[Via Talk Android]
