Google has released its fifth security update for its Android mobile operating system so far in 2016, this time patching 40 vulnerabilities. Of those, 12 are rated as critical, with two of the critical issues identified as remote code execution vulnerabilities in Android’s much maligned mediaserver component.
Adrian Ludwig, Android’s lead security engineer, wrote on Google+ that Google took the problem seriously. Other Google sources added that they did so because they were aware of the problem via the upstream Linux kernel security team. Perception Point, which had claimed that the “vulnerability has implications for … 66 percent of all Android devices (phones/tablets).” had not bothered to tell them about the problem.
Microsoft has handed a pile of money to the OpenBSD Foundation, becoming its first-ever Gold level contributor in the process. “This donation is in recognition of the role of the Foundation in supporting the OpenSSH project,” the Foundation said via a post to the OpenBSD Journal website on Tuesday.
Researchers from Indiana University and the Georgia Institute of Technology said that security holes in both iOS and OS X allow a malicious app to steal passwords from Apple’s Keychain, as well as both Apple and third-party apps. The claims appear to have been confirmed by Apple, Google and others.
Hewlett-Packard said on Thursday that it would sell a new line of networking switches that are manufactured by a Taiwanese company and depend on Linux-based, open-source software from another company.
HP, once at the center of high-tech manufacturing, will not make the new networking equipment but will act as a reseller, providing both online ordering and worldwide support for the product.
Security revelations in 2014 shattered the myth of Linux impenetrability. No, the sky isn’t falling, and yes, Linux is still inherently more secure than Windows—but this year proved that Linux lovers still need to pay at least some attention to their system’s protection.