Release date: 2011-12-23
Updated on: 2011-12-26
Affected Systems:
Android Open Handset Alliance Android 3.x
Description:
--------------------------------------------------------------------------------
Android is a project launched by Google through Open Handset Alliance. It is used to provide a complete set of software for mobile devices, including operating systems and middleware.
Android browsers have security problems in displaying error certificate messages. Remote attackers can exploit this vulnerability to use certificates from other sites through iframe to lure users to browse malicious websites.
<* Source: MustLive (mustlive@websecurity.com.ua)
Link: http://archives.neohapsis.com/archives/fulldisclosure/2011-12/0423.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Android
-------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.openhandsetalliance.com/android_overview.html