WELCOME TO EHOST.COM.NP

Tuesday, October 31, 2017

Google Issue Tracker Exploit Allowed the Viewing of Unpatched Vulnerabilities


Google recently launched a new Issue Tracker, and as with all new pieces of software, there are bound to be various bugs that may not have been brought to the attention of the developers. Recently, a security researcher named Alex Birsan noticed that his vulnerability reports were being handled by opening a thread within the platform. His curiosity piqued, he started trying to “break it”, and the result was a bug that allowed someone to view a full list of known, unpatched vulnerabilities within Google.

Many of us are familiar with Android’s monthly security updates, as we talk about them each and every month. But some people may not realize the process that goes into this entire cycle. What generally happens is that the security researcher finds the vulnerability, contacts Google about it and then has it verified through the Android bounty program. The two parties agree to a time frame for when they can go public with it, and by then Google is generally able to get the patches to 3rd-party OEMs a month before it begins updating its Nexus and Pixel devices.

This means that at any given time the Google Issue Tracker holds a list of unpatched vulnerabilities, which can be quite dangerous in the hands of the wrong person. This doesn’t only happen with Android devices either, since Google uses this Issue Tracker for all of its services. Mr. Birsan found three vulnerabilities within the Google Issue Tracker, with the largest of the three allowing him to see a full list of known, unpatched vulnerabilities within Google.

Thankfully, Mr. Birsan contacted Google about these vulnerabilities, and Google was very quick to respond and fix them (within hours). The company says that so far no evidence has been discovered that would lead it to believe someone else found the bugs and exploited them. For those who are more interested in the details, you’ll definitely want to read through his experience in his recent Medium article.


Via: Motherboard Source: @alex.birsan
