Google will cease production of patches for critical vulnerabilities in Android 4.3 or older versions. About a billion users remain vulnerable.
On this sad event reported hackers from Rapid7, constantly producing new exploits for WebView – a key component, through which the rendering of web pages in Android.
The old version of WebView exclusively buggy, for it had come out 11 exploits, and no end in sight, writes Todd Beardsley (Tod Beardsley) from the group of developers Metasploit. In updating the operating system Android KitKat (4.4) took place upgrade to a more advanced version of WebView for Chrome, here vulnerability harder to find.
However, until recently, Google regularly releases patches to the old version of WebView after the appearance of each new exploit. This is understandable, because the “Jelly Bean” was the most popular version of Android, and the output of Android 4.3 took place just over a year ago. Not such a long time, if we compare, for example, with a term support of the operating system Windows XP, which Microsoft shut critical vulnerabilities for 13 years.
However, the guys from
So, Google has officially dropped support for Android 4.3. At least the critical patches for WebView she does not intend to produce more.
This leaves 60.9% of users are vulnerable, that is more than 930 million people, given the statistics on the Android Market from Gartner, WSJ and Android Developer Dashboard.
Experts Rapid7 turn to Google’s appeal to change your mind and change your mind.
No comments:
Post a Comment