If you’re an Android user (Specifically Nexus users, but other phone users may apply), you might have noticed that over the last few days the Android 4.4.4 update is being pushed to your phone. Take it from me and download it now because it will make you way safer than you are right now. Specifically, it will make you safer when it comes to SSL. Here’s what PC World had to say:
Sascha Prueter, an Android program manager at Google, shed some light on the changes in the new version when answering a question received from a user on his Google+ page.
The update is “primarily addressing CVE-2014-0224,” he said.
CVE-2014-0224 is the tracking number in the Common Vulnerabilities and Exposures (CVE) database for a serious security flaw found recently in OpenSSL, one of the most popular libraries for supporting the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) secure communications protocols.
The CVE-2014-0224 vulnerability can be exploited by a man-in-the-middle attacker todecrypt and modify traffic between a client and a server that both use OpenSSL, if the server uses OpenSSL 1.0.1 or a newer version. The flaw was patched in OpenSSL 1.0.1h released on June 5.
So, if you are prompted to update to this version of Android, do it. If not, I would say annoy your phone manufacturer and/or carrier to see when you’ll be able to get your hands on it.
Like this:
Like Loading...
Related
This entry was posted on June 22, 2014 at 10:27 am and is filed under Commentary with tags Android. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
One Reason To Update To Android 4.4.4: SSL Hack Fixed
If you’re an Android user (Specifically Nexus users, but other phone users may apply), you might have noticed that over the last few days the Android 4.4.4 update is being pushed to your phone. Take it from me and download it now because it will make you way safer than you are right now. Specifically, it will make you safer when it comes to SSL. Here’s what PC World had to say:
Sascha Prueter, an Android program manager at Google, shed some light on the changes in the new version when answering a question received from a user on his Google+ page.
The update is “primarily addressing CVE-2014-0224,” he said.
CVE-2014-0224 is the tracking number in the Common Vulnerabilities and Exposures (CVE) database for a serious security flaw found recently in OpenSSL, one of the most popular libraries for supporting the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) secure communications protocols.
The CVE-2014-0224 vulnerability can be exploited by a man-in-the-middle attacker todecrypt and modify traffic between a client and a server that both use OpenSSL, if the server uses OpenSSL 1.0.1 or a newer version. The flaw was patched in OpenSSL 1.0.1h released on June 5.
So, if you are prompted to update to this version of Android, do it. If not, I would say annoy your phone manufacturer and/or carrier to see when you’ll be able to get your hands on it.
Share this:
Like this:
Related
This entry was posted on June 22, 2014 at 10:27 am and is filed under Commentary with tags Android. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.