To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://networks.silicon.com/mobile/0,39024665,39335884,00.htm

Android security hole gets patched up
Big test for Google OS…

By Stephen Shankland

Published: Monday 03 November 2008

Google has begun distributing a patch to its Android mobile phone operating system, an early test for how nimbly the company can respond and how well the infrastructure works to distribute and install updates.

The patch fixes the highly publicised security problem with Android's web browser, which came to light publicly on 24 October, and makes a few other minor changes, according to a Google spokesman quoted in IT World on Friday.

The researchers - Charlie Miller, Mark Daniel and Jake Honoroff of Independent Security Evaluators - called the Android web browser flaw serious, but Google said its severity was mitigated by Android's design, which restricts each program to its own area.

Earlier, Google appealed for what it called "responsible disclosure" of security vulnerabilities - in other words, a grace period to fix problems before they're made public to reduce the likelihood an attacker will get a chance to exploit a vulnerability. There's an ages-old tension between companies that want to fix their products and security researchers who want to get the word out, in part because attackers also are trying to find the vulnerabilities.

Google didn't respond to a request for comment at the time of writing.