Well that didn’t take long. Yesterday, we told you about an Android vulnerability found in ClientLogin that could have serious security ramifications. Using a dummy open access-point, a nefarious third party could passively — via Wi-Fi — collect authentication tokens to password protected services such as Facebook, Twitter, and Google Calendar stored on affected Android devices. Speaking with Mobilized’s Ina Fried, the Android-maker has stated that it is taking action, and fast. “Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts,” Google told the publication. “This fix requires no action from users and will roll out globally over the next few days.” The vulnerability will still be present in the company’s Picasa online photo offering, but Google stated that it is working to patch that service as well.
Nintendo will launch the 3DS web browser and eShop on June 6th during the E3 game tradeshow in Los Angeles. A post on Nintendo’s website confirms: “The Nintendo eShop will be enabled through a system update which has been announced for the evening of June 6, 2011. We’ll have more information for you after this update becomes available.” The eShop should allow 3DS users to download extra game content directly to their devices, although it’s unclear what else will be available at launch. Nintendo has said that a Netflix client is in the works, so our fingers are crossed that it’s part of the package, too. We reviewed the Nintendo 3DS in early April and the lack of an eShop, Netflix, and web browser, were some of our biggest gripes with the device. More →
During Google I/O today, the company announced that it’s working with its partners – including AT&T, HTC, LG, Motorola, Samsung, Sony Ericsson, Sprint, T-Mobile, and Verizon Wireless — on getting new Android updates to users faster and on curtailing Android fragmentation. As part of the same effort, if your hardware supports it, Google and its partners will guarantee that your phone gets the latest Android iteration for at least 18 months after the device hits the market. That should mean that end users won’t have to sit around for months, or years, to find out that the hottest version of Android will never be available for their devices. Google hasn’t clarified if this begins now with Android 2.3 (we doubt it), or if it starts with Ice Cream Sandwich. For now, Google just admits that it’s a “logistic problem,” and it’s unclear how long it will take for Google’s partners to actually get the updates out the door. It sounds like Google has its head in the right place but it doesn’t seem like the company has fleshed out how it can deliver on these promises yet. We just hope that it won’t involve too many compromises.
Verizon Wireless has announced that it will issue a software update for the HTC ThunderBolt on May 3rd. The update will enhance the connectivity to Verizon’s 3G network – when a 4G signal isn’t available, of course – and will also fix some email and SMS bugs so that messages are stored properly in your inbox. Verizon also said that, after the patch is applied, the Backup Assistant application will display properly in the applications menu. Other fixes include faster loading of GPS updates and stability improvements for Facebook, KAYAK, Yahoo! Mail, My Verizon, and others. Unfortunately, the update doesn’t appear to offer any improvements to the ThunderBolt’s notoriously bad battery life. More →
Motorola has announced that there is a new software update available for the Verizon Wireless DROID Pro. Unfortunately the patch will not update your DROID Pro to Android 2.3 (Gingerbread), but it should reduce the frequency of UI lockups, offer improved audio during calls, and the following fixes:
- Improved audio on voice calls.
- Improved stability and performance.
- User interface display now refreshes when user switches from GSM/UMTS communication to Global Mode.
- Device now prepends 011 to Country Code to send SMS messages.
- Global Mode no longer resets when connecting to a USB charger.
- Visual Voice Mail now detects airplane mode while Wi-Fi is active.
- Prompt return to full screen brightness after wake-up.
- Upgraded Bluetooth firmware.
- Improved interoperability with Microsoft Internet Application Gateway (IAG) configurations.
- Device string format for Exchange changed to include device name and version number.
- Upgrade to Google applications Release 7
On Monday, Barnes & Noble announced that it will be updating the NOOK Color eReader with Android 2.2 (Froyo) and a number of other enhancements. The software patch — which will deliver Adobe Flash Player support – adds a NOOK Friends beta social network for sharing books, 15 new NOOK Kids Read and Play books, NOOK Email, NOOK Books Enhanced with embedded video and audio, and NOOK Newsstand for quick access to magazines and newspapers. A new NOOK Apps store will provide access to more than 125 applications, many of which are free or are priced below the $2.99 price point. The update, officially known as NOOK Color v1.2, is available now for free. NOOK Color owners can visit http://www.nookcolor.com/update to apply it now, or you can wait for an over-the-air update to roll out over the coming weeks. Hit the jump for the full press release. More →
Last week, we told you about a weakness discovered in Skype’s Android client. The issue stemmed from a combination of incorrect file permissions and lack of encryption usage on the database files used to store contact information, chat history, and more. The company has gone ahead and updated said client, and as an added bonus has included the ability to make VoIP calls via your phone’s 3G data connection. “Calling over your 3G connection is available worldwide – now including the US,” reads the post. We can’t see any reason not to mosey on over to the Android Market and update to the latest version of Skype. The scannable QR code is after the jump. More →
Apple has updated iTunes to version 10.2.2, which should fix several errors that have caused iPads to lock up during sync. The update also applies stability and performance improvements and fixes a bug that has caused iPhones, iPads, and iPod touch units to sync for longer than is necessary. Apple also said iTunes 10.2.2 will fix skipping issues that occur during video previews in the iTunes Store. Users should be prompted to install the latest version of iTunes upon program launch. More →
Software version 4.1.57 for the Motorola ATRIX 4G is now available. The 17MB file, issued by Motorola, adds a number of improvements but is not the expected AT&T update that includes HSUPA support. After downloading the update, Motorola says users should notice the following changes:
- Bluetooth: Improved multimedia experience with Bluetooth devices as well as the ability to use phone with additional headsets.
- Fingerprint reader: Improved fingerprint reader performance.
- Battery: Improved battery performance for longer battery life.
- Screen: Display will turn off automatically now while charging directly on wall charger.
- Phone stability: Improved stability resulting in fewer occurrences of touch unresponsiveness and/of programs quitting unexpectedly.
- Car dock: Improved performance of car dock and 3.5mm jack.
It’s been reported that the update may cause some issues with those who have rooted their phones. AT&T has said that the upcoming HSUPA software update, which should ratchet up upload speeds on the ATRIX 4G and Inspire 4G, will land in April. Hit the jump for instructions on installing software version 4.1.57 on your ATRIX 4G.
Earlier this week, the Mozilla organization released updated versions of its 3.5 and 3.6 Firefox Web browsers. The updated bits patched 13 vulnerabilities found in the code-base, and 11 of the aforementioned security issues were listed as “critical” by the company. The vulnerabilities ranged from buffer and integer overflows to SSL spoofing. If you’re using Firefox 3.5 or 3.6 be sure to click the “Check for Updates” link under the “Help” menu to grab the latest and greatest from Mozilla. More →
Adobe released a security bulletin today warning of a critical, zero-day vulnerability in their Reader and Flash Player software. The bulletin notes that an unpactched system could “crash [your system] and potentially allow an attacker to take control of the affected system.” The vulnerability is affecting:
- Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 10.1.95.2 and earlier for Android
- Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX
- Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh
- Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Adobe Reader for Android is not affected by this issue.
Adobe is promising an update to fix the issue by November 9. Hit the read link to read more and for mitigation instructions for your specific platform. More →
A quick note on Sprint’s support site indicates that the HTC EVO 4G will be getting a small software update sometime in the near future. The update lists “calendar event edit issues” and “multiple Gmail account sync” as the two problems it is designed to address. The version number is also listed at 3.29.651.5. You can check for the update by navigating to Settings > System Updates > HTC software update on your EVO 4G. More →
UPDATE: Bob Lord, Twitter’s security chief, has put up an official blog post explaining exactly what happened this morning. You can read that article here. More →