CATEGORIES
home News

Android Bug Exposed, Not as Bad as Feared

by Jennifer JohnsonSaturday, February 14, 2009, 07:24 PM EDT

Earlier this week, Charles Miller, principal security analyst at Independent Security Evaluators, discovered a bug in the multimedia subsystem Android uses for its browser. Initially, Miller warned that the bug could be used to run arbitrary code in the phone’s Web browser. As a result, he urged users to use the browser on the T-Mobile G1 with caution until a patch could be deployed.

Now, Miller is stating the vulnerability isn’t as serious as he first thought: “While the bug can be activated by the browser, the actual code that would be executed by a successful attack would run in the media player, not the browser,” he said. “This means it would live in the media player sandbox and not the browser sandbox, and would presumably have different capabilities. I haven't actually investigated the media player sandbox at this point, so I can't say for sure. This makes the bug less dangerous than I thought.”

The bug exists in PacketVideo’s OpenCore media library. It involves an integer underflow during Hoffman decoding that causes improper bounds checking when writing to a heap allocated buffer. According to an oCERT advisory, decoding a specially crafted MP3 file will result in an unexpected crash or arbitrary code execution as a result of heap corruption.

Android’s media server operates within its own application sandbox, which helps to protect against the type of danger Miller initially alleged. As a result of this separate architecture, a Google spokesperson said security issues in the media server would not affect other applications on the G1 phone such as e-mail, the browser, SMS (Short Message Service), and the dialer. Google designed the OS from the ground up with security in mind. The sandbox architecture was deliberately chosen to limit the damage any exploit could cause.

After Google was notified of the vulnerability, it contacted PacketVideo, T-Mobile, and oCERT. PacketVideo developed a fix for the issue and patched open-source Android by February 7th. The patch was offered to T-Mobile as soon as it became available, but now users are at the mercy of T-Mobile to release the patch. The patch was not included in the G1’s recent RC33 firmware upgrade.

Tags:  Android, security, G1
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment