Android update to KitKat to fix OpenSSL vulnerability
On Friday, the Chocolate Factory published firmware images of Android 4.4.4 – yes, we're still talking "KitKat" – for the Nexus 4 and 5 phones and the Nexus 7 and 10 fondleslabs. The build number of the new release is KTU84P.
There are no official release notes so far, but Googler Sascha Prüter said in a postto his Google+ page that the update is "primarily addressing CVE-2014-0224."
That code refers to a wicked vulnerability in the OpenSSL crypto library that allows a "man in the middle" attack, where the attacker can intercept, decrypt, and potentially modify traffic between a client and server.