Browser Exploit for Android Highlights Google’s Update Problem

Browser Exploit for Android Highlights Google’s Update Problem.

-- Tom

 

What is with the URL?

 

Is this about Android fragmentation problem?

 

Here's my total guess since the URL is screwed:

Some exploit was found in the Android web browser (pre-Chrome) that tons of non-v4.x phones are running. So I guess the answer would be yes.

Have they made Chrome a separate update-able app?

 

http://arstechnica.com/security/201...s-critical-bug-in-majority-of-android-phones/

If you buy Android, buy a Nexus.

 

The link is now fixed.

-- Tom

 

so how to protect against this now ?

 

The article at ArsTechnica says that Google patched the vulnerability last November in Android 4.2, which would imply that users need to upgrade to at least that version to protect against it.

-- Tom

 

If you don't get Android updates for your smartphone, I suggest that you move to CyanogenMod if your device is supported. All the more, as CM offers several great features, like a Privacy Manager (control the permissions of your apps) and granting root access to specific apps (like Adaway and AdblockPlus).

 

My mobile does not update to 4.2 but i have android version 4.0

How to protect against this ?

 

Custom ROM, like the post right above yours... But there's also mitigations like using a different browser, anti-virus, safe browsing habits, etc.

 

and which browser should i not use on my android 4.0 ?

 

Anything that uses the default browser engine, according to the article.

 

Firefox is probably ok?

 

Yes, it should be.

The problem with the standard browser is that is does not get updated via Google Play like 3rd party browsers do.

 

Android under assault as spyware and Trojans ‘grow by 400%’, company claims

http://www.welivesecurity.com/2014/...yware-and-trojans-grow-by-400-company-claims/

 

So if i use Google Chrome then i am all protected ?
Since Google Chrome updates through google play, and if a mobile browser updates then it fixes the security hole right ?

 

Yes you will be protected.

 

Are you sure about it ?

 

Not quite 100% sure, but it makes complete sense.

 

-https://blogs.rsa.com/ibanking-mobile-bot-source-code-leaked/-


-http://protectyournet.blogspot.it/2014/03/androidibanking-malware-how-ftpbbccouk.html-

Recent sample (ESET- Dr WEB Light):




Scan Cloud Clean Master ver 5.x (KingSoft) not detected: