We’re reported earlier today, October 15, that a member of the Ubuntu App Developer Google+ community has discovered a malicious app on the Ubuntu Touch Store that could give root access to an intruder.
The Ubuntu Touch developers were quick to fix the security vulnerability, which was, in fact, an unknown bug in the application installation system. Just a few moments ago, we were informed by Canonical’s Łukasz Zemczak that a post OTA-6 hotfix would be published soon for all Ubuntu Phone users to patch the bug.
Because of this nasty security vulnerability, the Ubuntu Touch developers had a very busy day today as they also had to re-spin the images of the upcoming OTA-7 software update, which, of course, contained the aforementioned bug. However, the good news is that Ubuntu Touch OTA-7 release date is not affected and, as we reported the other day, will arrive in the first half of the next week.
“A busy day today. Some of you already saw the announcement regarding the security fix we’re working on,” says Łukasz Zemczak. “The fix is currently building in an image and will be released to the users shortly (as a hotfix OTA-6+ update). All this also meant that we had to re-spin OTA-7 once again, but most possibly the final release date will stay the same.”
Everyone should stay on the stable channel, always
Mr. Zemczak also informs those who use the rc-proposed channel of the Ubuntu Touch operating system that several new images will be published later today, some of which will be reverted to a previous state, which means that if they upgrade immediately, they will end up having an older version of everything.
Therefore, you are urged not to touch the rc-proposed channel in the next 24 hours, because they are being used to build the OTA-6 hotfix and the forthcoming OTA-7 images. Canonical apologizes for any inconvenience this may cause and recommends everyone to always stay on the stable channel.
In conclusion, if you are an Ubuntu Phone owner, you need to check for an update in the next few minutes or hours. Your device will download the OTA-6 hotfix automatically and reboot the system to apply it. This applies to Nexus 4, Nexus 7, BQ Aquaris E4.5, BQ Aquaris E5 HD, and Meizu MX4 devices.
Via Softpedia