Retired Webrooter
Retired Webrooter

Android update to KitKat to fix OpenSSL vulnerability

On Friday, the Chocolate Factory published firmware images of Android 4.4.4 – yes, we're still talking "KitKat" – for the Nexus 4 and 5 phones and the Nexus 7 and 10 fondleslabs. The build number of the new release is KTU84P.


There are no official release notes so far, but Googler Sascha Prüter said in a postto his Google+ page that the update is "primarily addressing CVE-2014-0224."


That code refers to a wicked vulnerability in the OpenSSL crypto library that allows a "man in the middle" attack, where the attacker can intercept, decrypt, and potentially modify traffic between a client and server.


Full article here.