Mobile

Android update addresses critical OpenSSL vulnerability

June 23, 2014

Shortly after releasing version 4.4.3, Android has pushed out a new version of its KitKat operating system (4.4.4) for Nexus users, which includes a security fix for a critical OpenSSL vulnerability.

According to a Google+ post by Sasha Prueter, an Android program manager at Google, the update addresses CVE-2014-0224, which according to Common Vulnerabilities and Exposures (CVE) database is the tracking number for a recent vulnerability found in OpenSSL.

An attacker would be able to exploit this vulnerability through a man-in-the-middle attack. Through this tactic, a miscreant would have the ability to decrypt and modify any traffic between a client and a server, so long as they each are using OpenSSL, the popular core library that supports Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

prestitial ad