Architecture, Device Security, Mobile, Endpoint Security, Device Security, Endpoint Security

Android update addresses critical OpenSSL vulnerability

Marcos ColónJune 23, 2014

Shortly after releasing version 4.4.3, Android has pushed out a new version of its KitKat operating system (4.4.4) for Nexus users, which includes a security fix for a critical OpenSSL vulnerability.

According to a Google+ post by Sasha Prueter, an Android program manager at Google, the update addresses CVE-2014-0224, which according to Common Vulnerabilities and Exposures (CVE) database is the tracking number for a recent vulnerability found in OpenSSL.

An attacker would be able to exploit this vulnerability through a man-in-the-middle attack. Through this tactic, a miscreant would have the ability to decrypt and modify any traffic between a client and a server, so long as they each are using OpenSSL, the popular core library that supports Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

Marcos Colón

DevOps

How to Secure Your CI/CD Pipeline by Prioritizing Cyber-Risk Management – Tal Morgenstern – ESW #309

March 16, 2023

The CI/CD pipeline is the backbone of the software development process, so it's critical to ensure you are meeting and exceeding the most critical security measures. Throughout this podcast, Tal Morgenstern, Co-founder and CSO of Vulcan Cyber, will break down the process of how organizations can properly secure a CI/CD pipeline into a checklist of ...

Malware

Go-based HinataBot latest botnet to focus on DDoS attacks

Steve ZurierMarch 17, 2023

Akamai researchers say the HinataBot botnet has been active for the first three months on 2023, but has exploited vulnerabilities from as far back as 2014.

Device Security

18 zero-day flaws impact Samsung Android handsets, wearables and telematics

Tom Spring March 17, 2023

Four of the zero-day bugs allow adversaries to remotely compromise a targeted phone with just a phone number - no user interaction required.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Android update addresses critical OpenSSL vulnerability

Related

How to Secure Your CI/CD Pipeline by Prioritizing Cyber-Risk Management – Tal Morgenstern – ESW #309

Go-based HinataBot latest botnet to focus on DDoS attacks

18 zero-day flaws impact Samsung Android handsets, wearables and telematics

Related Events

SYSMON: Gaining Visibility Into Your Enterprise

Free and Open-Source Wireless IDS With Nzyme

Managing Network Exposure in AWS

Get daily email updates