This is an Android-heavy day, with some good news and this not-so-good news for Android users. We've covered a few of the security issues Android has experienced lately, such as the Qualcomm bug, but there is a lot more. Apparently there is also a TCP flaw that affects a mere 1.4 billion Android devices with Android 4.4 or newer installed. Thankfully, I do still have my original Nexus One and that is stuck back at 2.3. Other security issues have seemingly been ignored by Google, but the biggest problem is vendor rollout, as each manufacturer and then each wireless provider has to ensure that patches work with their custom software. More details about the issues below.
The security bug, CVE-2016-5696, allows an attacker who is not in a man-in-the-middle position to probe servers or users for active connections and then guess the packet sequence. This enables the attacker to enter the packet flow between two parties, sniff unencrypted traffic, or shut down encrypted connections. All Linux kernel versions from v3.6 up to v4.7 are vulnerable. The first vulnerable version that featured this TCP implementation flaw, version 3.6, was released in 2012 and was also used to create the Android OS 4.4 (KitKat).
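To turn the version range above into a first-pass inventory check, the following added example (not from the original post) parses kernel release strings and flags those from 3.6 through 4.7. The function names, the inclusive treatment of both ends of the range, and the sample inventory are assumptions made for illustration.

```shell
# Added example: first-pass triage for CVE-2016-5696 by kernel release string.
# Assumption: the range "v3.6 up to v4.7" is treated as inclusive at both ends.
# Vendor kernels can carry backported fixes, so a hit means "confirm patch status".

# Print "major minor" for a release such as 3.10.49-g2f1d8a1; fail if unparseable.
parse_release() {
    rel=${1%%[!0-9.]*}        # drop everything from the first non-numeric character
    major=${rel%%.*}
    rest=${rel#*.}
    if [ "$rest" = "$rel" ]; then return 1; fi   # no dot, so not a release string
    minor=${rest%%.*}
    if [ -z "$major" ] || [ -z "$minor" ]; then return 1; fi
    echo "$major $minor"
}

# Return 0 if inside 3.6..4.7, 1 if outside, 2 if the string cannot be parsed.
in_affected_range() {
    mm=$(parse_release "$1") || return 2
    maj=${mm% *}
    min=${mm#* }
    if [ "$maj" -eq 3 ] && [ "$min" -ge 6 ]; then return 0; fi
    if [ "$maj" -eq 4 ] && [ "$min" -le 7 ]; then return 0; fi
    return 1
}

# Read "device release" lines on stdin and label each one.
triage() {
    while read -r device release; do
        rc=0
        in_affected_range "$release" || rc=$?
        case $rc in
            0) echo "$device $release REVIEW" ;;
            1) echo "$device $release outside-range" ;;
            *) echo "$device $release unparseable" ;;
        esac
    done
}

# Constructed inventory: device names and release strings are made up.
sample_inventory() {
    cat <<'EOF'
old-handset 2.6.35.7-perf
tablet-a 3.10.49-g2f1d8a1
server-b 4.4.0-31-generic
lab-box 4.8.0-rc1
bad-entry unknown
EOF
}

sample_inventory | triage
```

On a live system the release string comes from `uname -r`; a `REVIEW` result should be followed up against the vendor's or carrier's patch notes rather than taken as proof of exposure.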