First off, there have been a number of "android" vulnerabilities, go look at haxxor news and see what you turn up. Secondly the most common method to attack a phone is to have you install something you shouldn't. I could make you install an image that has my own personal backdoor onto it. Most vulnerabilities are introduced by the user. More so those bulletins probably were taken down when the vulnerability was removed in the followup emergency push.
Lastly what is your definition of noteworthy? Is note worthy DOSing your phone via SMS? that has been done I'm sure there are also other areas of the phone that need to be researched and looked at. Having some toolrod open a PDF and pwn their phone just like they did on the iphone is an example. The point is, you have a phone, its actually a computer, it will have vulnerabilities, they are doing their best to remove them. The most you may hear of it is a little blurb with someones name on it for finding the bug. On Sep 10, 5:19 am, Jan Niggemann <[email protected]> wrote: > 2010/9/10 Chris Stratton <[email protected]> > > > As a practical matter, there is a large difference between google > > employees fixing something in git vs waking up to find that your > > carrier has pushed an OTA update to your phone. > > Although I agree, that's not my point. I'm wondering if there are really no > security bugs at all, as I can hardly believe that. > > > The irony of course is that the only way to stay patched on most > > consumer phones is to exploit one of the current bugs to obtain do it > > yourself update permissions ;-) > > Also true, but also not what I wanted to know. > > The Android Security Team introduced itself on 18 Aug 2008 to the full > disclosure mailing list, saying: > "Our vulnerability bulletins will credit responsible reporters of any > flaws." > Now, where *are *those bulletins? > Can someone plase confirm that since its very beginning, there are no > noteworthy security bugs in Android? > > jan -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
