G1 owners have been warned to stop browsing immediately or risk exposing themselves to the worst of the internet, after researchers found a flaw in PacketVideo's runtime for Android. The flaw was presented by security researcher Charlie Miller at the recent Schmoocon conference, as reported by ReadWriteWeb, and details are …
This is not a browser bug!!!
Charlie Miller has gone way off the reservation and made a lot of claims that can't be backed up. I saw the Shmoocon talk, and he can't cash the checks his mouth is writing.
-This is not a browser bug, it's in the media player.
-It's not Google's code, it's an open-source library from PacketVideo.
-Miller doesn't have a working exploit, and it's not likely that anybody will create one from the code he highlighted. It's a pretty complicated flaw, which only allows the attacker to overwrite ARM registers from a fixed table of constants.
-Even if somebody figures out a way to exploit it, they will be trapped in the media player's sandbox and can't steal cookies or hijack the browser.
Reporters need to be a little more incredulous of Miller's claims. In fact, this should go for all security researchers they interview, too many of which are just trolling the media like Miller.
- YARR! Pirates walk the plank: DMCA magnets sink in Google results
- Pics Whisper tracks its users. So we tracked down its LA office. This is what happened next
- Review Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
- OnePlus One cut-price Android phone on sale to all... for 1 HOUR
- UNIX greybeards threaten Debian fork over systemd plan