Android 4 .4 .4 KTU84P Factory Images & Driver Binaries Are Now Available for Nexus Devices! Just over sometime ago 4.4.3 was launched after many leaks, while the next big version is being awaited at the I/O later this month, the update has taken everyone by surprise. Seriously, No one saw it coming with Google I/O just over a week ahead and everyones super excited for Android Lollipop 5.0 ( or maybe 4.5 ).

The guys over at FunkyAndroid have released the entire changelog as ever from KTU84M (4.4.3_r1.1) to KTU84P (4.4.4_r1)

Project: platform/build
27aae42 : “KTU84P”
7f83b7c : MR2.1 – Version 4.4.4. Here we go! DO NOT MERGE

Project: platform/cts
b8e2dab : DO NOT MERGE Update for version bump
6da2c75 : CTS test for OpenSSL’s early CCS issue
(CVE-2014-0224)
a3b762f : Disable host side holotests also
8e02f46 : CTS report MUST not display raw performance
numbers. bug:13347703
510cfbc : media: Refactor and improve robustness of
AdaptivePlaybackTest
e502d40 : Fix a concurrency bug in
OpenSSLHeartbleedTest.
3a90060 : hardware: consumerir: Increase test pattern
length
c070509 : hardware: consumerir: Fix time discrepancy
1856a4e : CTS test for Heartbleed vulnerability in SSLSocket.

Project: platform/external/
chromium_org
76d1172 : Backport “Recycle old V8 wrapper objects on
navigations”
afae5d8 : Block access to java.lang.Object.getClass in
injected Java objects

Project: platform/external/
chromium_org/third_party/
WebKit
3fb1c1e : Fix Java Bridge wrapper properties cleanup for
multi-frame pages
b13a6de : Cherry-pick “Export
WebCore::forgetV8ObjectForNPObject”

Project: platform/external/
chromium_org/third_party/
openssl
e2f305e : Cherrypick “OpenSSL: add CVE fixes from
1.0.1h”

Project: platform/external/
openssl
dd1da36 : Fix Early CCS bug

Project: platform/frameworks/
base
63ade05 : Add EventLog event for logging of attempts to
call java.lang.Object.getClass

Project: platform/frameworks/
webview
7a7dce8 : Sanitize selector Intent when handling intent:
scheme.

The above raw log wouldn’t be possible without the modified version of this script written by JBQ . t is clear that this is a security fix along with few minor fixes for webview and chromium, as well as event logging.

Also, as pointed out by guys over at XDA the vulnerability patched by this update isn’t the Linux kernel CVE-2014-3153 vulnerability exploited
in geohot’s towelroot, but rather an OpenSSL early CCS issue (CVE-2014-0224) that may lead to certain types of man-in-the-middle attacks.

Expect the update to roll out for the recent nexus devices very soon, except for the Nexus 7 2013 LTE.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.