It seems that there is a large amount of pot calling kettle black when it comes to security.
Last month, Google angered Microsoft by releasing the details of a security vulnerability ahead of Microsoft’s Patch Tuesday. Microsoft said that the patch was set to be released two days after Google went live with the details and that they refused to wait an extra 48 hours so that the patch would have been released along with the details of the exploit.
That would all be fine but Google does not have the same standards for itself. An exploit has been uncovered in Android 4.3 (Jelly Bean) – which covers roughly 60 per cent of Android’s install base, according to the Android Developer dashboard – and Google is saying that they will not patch the flaw.
The flaw, which exists in WebView impacts nearly 1 billion users, when using Google’s own numbers as a base along with Gartner figures.
To make matters worse Jelly Bean was first announced in June of 2012, which means that Google is dropping support for its mobile OS less than three years after it was released.
Google is clearly stating that legacy support for the OS is not on their agenda even while phones are still being flogged with Jelly Bean under the bonnet.
The question is why if Google is being such a bastard about its own operating system is it so keen to throw Microsoft under the bus?