New Android Exploit Discovered To Steal Data 98
mimd writes "A researcher at North Carolina State University has discovered yet another Android Browser exploit that affects the new Android 2.3 (Gingerbread) and previous versions. Slashdot recently covered a previous browser exploit that affected all versions of the Android Browser, but was patched in 2.3. Xuxian Jiang writes 'our finding here is that the patch contained in Android 2.3 is not an ultimate fix and can still be bypassed. We have a proof-of-concept exploit with a stock Nexus S phone and are able to successfully exploit the vulnerability to steal potentially personal information from the phone.' The exploit is capable of reading and writing files from an Android's sdcard or system partition as well as uploading user data over the internet."
Just dont use the stock browser (Score:4, Informative)
Im not minimizing the problem or its potential consequences, but the article says:
For now, Android users can protect themselves by disabling JavaScript support in the browser, or by using a third-party browser for now.
So the problem is the browser, not the OS, and it can be circumvented by using another browser (what a lot of people do, for example Opera and Dolphin). Good to know, since I use Dolphin most of the time, and Firefox Beta (still terribly buggy) now and then.
Re:Windowsesqe (Score:5, Informative)
1) back all the way out of the Market
2) Go to Settings --> Applications --> Manage Applications
3) Click on the "All" tab at the top
4) Wait a couple of minutes, and then find "Market" in the list (list isn't always in order, so it can be hard to find if you have a lot of apps)
5) Click "Market"
6) If the "Force Stop" button isn't grayed, click it to force the Market app to end
7) Click the "Clear Data" button
8) Re-launch the Market app, click "Agree", and try it again.
I know it's stupid, but it does work about 90% of the time. If not, rinse and repeat.