Comment Malicious Actors? (Score 1) 127
Malicious actors could create a malicious mobile application with a digital identity certificate that claims to be issued by Adobe Systems.
It's a good thing most actors aren't good at programming.
Seriously, why do we feel we must constantly reel words, which were perfectly content in their familiar habitat, into the jargonic fold? "Actor"? Couldn't we have used one of dozens of words already used in everyday English: programmers, hackers, thieves, people? That last suggestion brings up another question: which of the two instances of the word "malicious" could safely be removed from the sentence? Both. After a long introduction about a security hole, we're so ready for a scenario about villainy that we would be positively thrown off otherwise. At least they said "could create" and not "could potentially create."
Someone could put a fake certificate from Adobe into their mobile app.
There.
The flaw appears to have been introduced to Android through an open source component, Apache Harmony. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.
After the lawsuit from Oracle and now this, if I were the one who chose Java as Android's language, I would be kicking myself just about every day now.