Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Android update addresses critical OpenSSL vulnerability

Shortly after releasing version 4.4.3, Android has pushed out a new version of its KitKat operating system (4.4.4) for Nexus users, which includes a security fix for a critical OpenSSL vulnerability.

According to a Google+ post by Sasha Prueter, an Android program manager at Google, the update addresses CVE-2014-0224, which according to Common Vulnerabilities and Exposures (CVE) database is the tracking number for a recent vulnerability found in OpenSSL.

An attacker would be able to exploit this vulnerability through a man-in-the-middle attack. Through this tactic, a miscreant would have the ability to decrypt and modify any traffic between a client and a server, so long as they each are using OpenSSL, the popular core library that supports Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.