Saturday 21 June 2014

Google rolls out Android Kitkat 4.4.4 build KTU84P upgrade to fix the CVE-2014-0224 vulnerability

Eager Android fans and aficionados  who were hoping a new version of Google's popular OS for smart phones will be a bit disappointed because Google is rolling out a new version this week. Called Android Kitkat 4.4.4., this new upgrade is being rolled out for for the Nexus 4 and 5 phones and the Nexus 7 and 10. The build number of the new release is KTU84P and will now only be available for above mentioned smart phones and tablets and is aimed at primarily fixing the deadly OpenSSL vulnerability which is called CVE-2014-0224.

Google rolls out Android Kitkat 4.4.4 build KTU84P upgrade to fix the OpenSSL #heartbleed vulnerability

Google has officially not confirmed the release yet but Googler Sascha Prüter said in a post to his Google+ page that the update is "primarily addressing CVE-2014-0224."  

Sascha Prüter has clarified that the update does not cater or address the  #hearbleed vulnerability had caused a lot of heart burns around the world in first week of April 2014 with almost all of websites asking their users to change the passwords. This SSL/TLS MITM vulnerability (CVE-2014-0224) vulnerability in the OpenSSL crypto library that allows a "man in the middle" attack, where the attacker can intercept, decrypt, and potentially modify traffic between a client and server. 

The update comes less than three weeks after the last KitKat version numbered 4.4.3.  Motorola was the first company other than Google to start pushing the 4.4.3 update to its Nexus range of smart phones and tablets.   Motorola confirmed that it was  working on upgrading its Verizon Droid line, the sudden release of Android Kitkat 4.4.4 means it had to halt its plans and re-submit a new update to the wireless carriers.

"This was a significant unplanned effort that we had to undertake," Motorola employee David Schuster said via Google+. "We should be re-entering labs next week and hopefully getting TA (technical approval) in 3 to 5 weeks later depending on the carrier."

Top US mobile operator Sprint has confirmed via its online forums that it will roll out the 4.4.4 update to Nexus devices "in batches," beginning on Friday. Sprint users may visit this Sprint Support page for more information on the updates. Other manufacturers and operators will slowly start releasing the upgrades based on their own time lines.

Developers, modders and Android enthusiasts can get the factory image of Android 4.4.4 KTU84P here.

Update : The post has been edited consequent to a reply from Googler Sascha Prüter regarding Android 4.4.4 not addressing the #heartbleed vulnerability.  The update infact addresses the SSL/TLS MITM vulnerability (CVE-2014-0224) which can be read here.

Update : All devices running on Android 4.3 and below vulnerable to serious code execution flaw in 'Keystore'

Share this post
  • Share to Facebook
  • Share to Twitter
  • Share to Google+
  • Share to Stumble Upon
  • Share to Evernote
  • Share to Blogger
  • Share to Email
  • Share to Yahoo Messenger
  • More...


:) :-) :)) =)) :( :-( :(( :d :-d @-) :p :o :>) (o) [-( :-? (p) :-s (m) 8-) :-t :-b b-( :-# =p~ :-$ (b) (f) x-) (k) (h) (c) cheer

Posts RSSComments RSSBack to top
© 2013 ComboUpdates - Powered by Blogger
Released under Creative Commons 3.0 CC BY-NC 3.0