Google Patches Android 'Cupcake'

By Michelle Megna

October 12, 2009

Version 1.5 of the open source mobile platform Android, codenamed Cupcake, faced two vulnerabilities that could have led to denial-of-service (DoS) attacks, according to researchers at the Open Source Computer Emergency Response Team (oCERT).

Microsoft and T-Mobile aren't the only mobile vendors moving to cope with some unexpected headaches: Google has patched two bugs in version 1.5 of its mobile open source platform, Android.

The software version, codenamed Cupcake, faced two vulnerabilities that could have led to denial-of-service (DoS) attacks, according to researchers at the Open Source Computer Emergency Response Team (oCERT).

One of the vulnerabilities involved Android's SMS management, according to an advisory released by oCERT earlier this week. The flaw allows an attacker to use WAP (Wireless Application Protocol) push messages to disconnect a mobile phone from a cellular network. WAP push messages are typically used to send ringtones, wallpaper, and other content to mobile users.

A maliciously coded WAP message can cause the smartphone to reboot without the user's knowledge, which can lead to a temporary loss of connectivity and dropped calls, according to oCERT.

Read the rest of the story at InternetNews.com.



Comment and Contribute
(Maximum characters: 1200). You have
characters left.