We got word late last week of a potentially serious bug affecting nearly all Android devices out there. While full details of the exploit weren’t revealed, the gist was that a malicious app could sidestep security permissions with relative ease. We tried not to be too alarmed by this development, as malware would still need a way to get onto our phones in the first place, and Google Play was reportedly already scanning submissions for signs of this attack. Still, we’d sleep that much better once a full-on fix was available. We heard that the Galaxy S 4 was the only model to date incorporating a fix, and were left wondering when other models might see patches of their own. Today, we slowly start getting answers.
Google has confirmed that it’s developed a fix for this exploit and “a patch has been provided to our partners.” That’s the thing – this can’t be fixed by just updating an app, and is going to require a system update. That means that we’re all at the mercy of our respective OEMs to incorporate this fix into future updates – for some of us, that’s going to mean waiting a long time, or never getting the fix at all.
As of now, Google doesn’t seem to have released updated software for Nexus devices itself, so we’re still curious to see when that might arrive. It’s mainly an academic concern, but we’d also still love to get the details of just how this vulnerability works. We may end up having to wait for the Black Hat conference later this month for an explanation.