Security Holes In Google's Android SDK

Redon Buckeye writes "Google's Android software development kit is using several outdated and vulnerable open-source image processing libraries, some of which can be exploited to take complete control of mobile devices running the Android platform. From the article: 'Several vulnerabilities have been found in Android's core libraries for processing graphic content in some of the most used image formats (PNG, GIF, and BMP). While some of these vulnerabilities stem from the use of outdated and vulnerable open source image-processing libraries, other were introduced by native Android code that uses them or that implements new functionality.'"

Re-using, Re-using, Not re-inventing the wheel, bl

[El+Cabri]

I don't understand this obsession in software development, of always considering that if a piece of code exists somewhere that does what you want to do, and somehow you have the right to use it, then you must use it. Bitmap image libraries do not represent any expertise or rocket science that you won't find in a freshman textbook and that anybody with a bit of time on their hands cannot re-implement. Yes it's a pain in the ass and in many cases some people like hobbyist programmers who are trying to put together the ultimate "linux desktop" and such are happy to find them ready-to-use as free software. But Google ? Come on, they're supposed to have all these brilliant minds around. Everybody knows that PNG and JPEG libraries are major vulnerabilities. Pulling one off the shelf just to hack something together and show it in trade shows ? That is so lame. Come on Google and everybody else : invest a little bit and do "re-invent the wheel", just for the chance to do it alittle bit better this time.