Feeds

back to article PacketVideo opens doorway to Android

G1 owners have been warned to stop browsing immediately or risk exposing themselves to the worst of the internet, after researchers found a flaw in PacketVideo's runtime for Android. The flaw was presented by security researcher Charlie Miller at the recent Schmoocon conference, as reported by ReadWriteWeb, and details are …

COMMENTS

This topic is closed for new posts.
Linux

This is not a browser bug!!!

Charlie Miller has gone way off the reservation and made a lot of claims that can't be backed up. I saw the Shmoocon talk, and he can't cash the checks his mouth is writing.

-This is not a browser bug, it's in the media player.

-It's not Google's code, it's an open-source library from PacketVideo.

-Miller doesn't have a working exploit, and it's not likely that anybody will create one from the code he highlighted. It's a pretty complicated flaw, which only allows the attacker to overwrite ARM registers from a fixed table of constants.

-Even if somebody figures out a way to exploit it, they will be trapped in the media player's sandbox and can't steal cookies or hijack the browser.

Reporters need to be a little more incredulous of Miller's claims. In fact, this should go for all security researchers they interview, too many of which are just trolling the media like Miller.

0
0
This topic is closed for new posts.