Hi there, There were two attacks disclosed on Data Stealing through the web browser.
The first technique has been explained and the source of the exploit is now public. For users who cannot upgrade to 2.3, some protections have been proposed, such as using another web browser (which can be easily updated) But the second technique (which bypasses the 2.3 fix) has not been explained yet... Does anyone have an idea of how the fix is bypassed? Btw I didn't hear about any fix for that second vuln yet.... Jose On 11 fév, 19:25, peterw <[email protected]> wrote: > Hmm, the researcher writes of this new flaw that > > "I was told that an ultimate fix will be included no later than the > next major release of Android." > > Is this more evidence that a fear a number of us have expressed > recently, that Google doesn't bother backporting security fixes to > older Android OS releases, is justified? E.G., anyone who can't > upgrade past Android 2.2.x/2.3.0/2.3.1 will always be vulnerable to > this new attack? > > -Peter > > On Feb 10, 12:29 am, perumal316 <[email protected]> wrote: > > > Read about this vulnerability: > > >http://www.csc.ncsu.edu/faculty/jiang/nexuss.html -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
