Versions of the Google Android operating system earlier than 4.3.0 are outdated and thus unpatched for the following vulnerabilities:
- A flaw in the tethering function is triggered when the device responds to recursive DNS queries it receives, which makes it what is referred to as an open resolver. This may allow a remote attacker to conduct DNS amplification attacks, leveraging the device to perform DDoS attacks against other targets.
- ‘BackupManagerService’ does not properly sanitize user input, specifically path traversal sequences (e.g. ‘../’), when extracting TAR files. With a specially crafted application, a local attacker can overwrite arbitrary files. (CVE-2014-7951)
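
The missing check in the TAR extraction issue above can be illustrated with a small extraction routine that resolves each entry name against the destination directory before writing. This is an added example in Python, not Android's BackupManagerService code; the function names, entry names and sample archive are constructed for illustration.

```python
import io
import os
import tarfile
import tempfile


def build_sample_archive() -> bytes:
    """Constructed sample: one benign entry, two traversal names, one symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("apps/com.example/f/notes.txt",
                     "apps/com.example/f/../../../../outside.txt",
                     "/abs/outside.txt"):
            data = b"constructed sample data\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("apps/com.example/f/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../../../outside.txt"
        tar.addfile(link)
    return buf.getvalue()


def is_within(root: str, name: str) -> bool:
    """True only if the entry name resolves to a path inside root."""
    target = os.path.realpath(os.path.join(root, name))
    return os.path.commonpath([root, target]) == root


def safe_extract(tar_bytes: bytes, dest: str):
    """Write only regular files that stay under dest; return (extracted, rejected)."""
    root = os.path.realpath(dest)
    extracted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar:
            # Links and device nodes are refused outright; names are checked
            # after resolution, so '../' and absolute paths cannot escape root.
            if not member.isfile() or not is_within(root, member.name):
                rejected.append(member.name)
                continue
            target = os.path.join(root, member.name)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as out:
                out.write(src.read())
            extracted.append(member.name)
    return extracted, rejected


def demo():
    with tempfile.TemporaryDirectory() as dest:
        return safe_extract(build_sample_archive(), dest)
```

Calling `demo()` returns the list of entries written and the list of entries rejected for the constructed archive.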