Slashdot Mirror


Security Holes In Google's Android SDK

Redon Buckeye writes "Google's Android software development kit is using several outdated and vulnerable open-source image processing libraries, some of which can be exploited to take complete control of mobile devices running the Android platform. From the article: 'Several vulnerabilities have been found in Android's core libraries for processing graphic content in some of the most used image formats (PNG, GIF, and BMP). While some of these vulnerabilities stem from the use of outdated and vulnerable open source image-processing libraries, others were introduced by native Android code that uses them or that implements new functionality.'"

5 of 77 comments

  1. Re:yawn by AKAImBatman · · Score: 2, Informative

    He was referring to Android, not the libraries. :-/

  2. Re:Re-using, Re-using, Not re-inventing the wheel, by AKAImBatman · · Score: 3, Informative

    For this type of problem? You bet your horse it is. Buffer overflow problems are so 1970's. Can we please move on?

  3. Already fixed by Zach978 · · Score: 5, Informative

    This is already fixed in m5-rc15 which was released yesterday...

    --

    "I told you a million times not to exaggerate!"
    1. Re:Already fixed by microbee · · Score: 1, Informative

      Now we know how slow Slashdot editors are.

  4. Re:Dumb by initdeep · · Score: 2, Informative

    Anybody who read the Bugtraq submission of the flaws would know that Google themselves responded with a comment that they knew they were using old versions of the libraries and that they were planning on updating them in the next release.

    They also pointed out that this is not BETA code, but merely a release of proposed code to allow potential developers to add their insights to the project on which direction the code should go on various portions.

    The libraries have now been replaced (evidently) with the newer ones, which probably doesn't mean a damn thing as there are no currently available public platforms running the software and won't be for a while.

    Calling this dumb is a bit overkill.