Security News > 2011 > May > Google Silently Patches Android Authentication Flaw
http://www.eweek.com/c/a/Security/Google-Silently-Patches-Android-Authentication-Flaw-837349/ By Fahmida Y. Rashid eWEEK.com 2011-05-19 Google is implementing a server-side fix to address the authentication flaw that allows third-parties to access Android user data on Google Calendar, Contacts and Picasa. Google is planning to fix a security issue that could potentially allow hackers and cyber-crooks to access the personal information of people who use the companyâs Android mobile operating system. Google plans to push out the fix within the next week. Researchers at Germanyâs University of Ulm originally found the vulnerability and published their findings on May 13. The flaw only impacts Android applications that authenticate with Google services, such as Calendar and Contacts. If the user opens a WiFi network and tries to access those services, a hacker could potentially intercept the authentication token and use it to log in to the user account for up to two weeks. "Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third-party access to data available in Calendar and Contacts," a Google spokesman told eWEEK on May 18. [...]
News URL
http://www.eweek.com/c/a/Security/Google-Silently-Patches-Android-Authentication-Flaw-837349/
Related news
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
- Google's New Restore Credentials Tool Simplifies App Login After Android Migration (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)