Google has started revealing details about the security flaw they patched in recent updates for the T-Mobile G1.  Rich Cannings of the Android security team has come fourth to reveal details about the RC29 and RC30 update that Google has not previously announced.

Google acknowledged the security flaw in the Browser which was fixed recently in the RC29 update, but Cannings stated there were two other issues addressed in the update.  Google fixed a security flaw that allowed people to bypass Android’s locking mechanism by booting the G1 in safe mode.  Google has decided to wait until patches have been given to all users before disclosing all the details about updates. They plan on publishing fuller details on their Android Security Announcements group soon.

RC30 which was delivered about a week after RC29, fixed a rare root-console problem in Android that automatically send all keystrokes to the root shell as a command.  The issue was found when a user tried to type the word “reboot” in a text message only to find the device rebooting itself.  Google left in a feature that let programmers execute commands with a remote device that was attached via serial port. When no device is attached the keyboard was used to input these commands.
“We tried really hard to secure Android. This is definitely a big bug,” he said. “The reason why we consider it a large security issue is because root access on the device breaks our application sandbox.”

Also fixed in the RC30 update were two Webkit problems reported to Apple by iPhone users. The first issue was a buffer overrun problem that allowed attackers to gain control over the browser by simply putting a malicious code on a Web site.  The second problem allowed people to read what is stored in the phone’s memory to gain access to Web site cookies, potentially allowing them to gain online privileges. “If you’re logged into a bank at that time, (an attacker) could steal your banking cookies,” Cannings said. steal your banking cookies,” Cannings said.

[Via CNET]