BB Issue of using old libpng version

Discussion in 'Technical Discussion' started by mmo822011, Jun 17, 2016.

  1. mmo822011

    mmo822011 Boxer

    Joined:
    Mar 25, 2016
    Messages:
    59
    Likes Received:
    14
    Hi BB developers

    My game made with BB has this warning recently from Google Play team:
    "
    Hello Google Play Developer,

    We detected that your app(s) listed at the end of this email are using an unsafe version of the libpng library. Apps with vulnerabilities like this can expose users to risk of compromise and may be considered in violation of our Malicious Behavior policy.

    What’s happening

    Beginning September 17, 2016, Google Play will block publishing of any new apps or updates that use vulnerable versions of libpng. Your published APK version will not be affected, however any updates to the app will be blocked unless you address this vulnerability.

    Action required: Migrate your app(s) to use libpng v1.0.66, v.1.2.56, v.1.4.19, v1.5.26 or higher as soon as possible and increment the version number of the upgraded APK.

    Next steps

    1. Download the latest version of libpng from the libpng website.
    2. Sign in to your Developer Console and submit the updated version of your app.
    3. Check back after five hours - we’ll show a warning message if the app hasn’t been updated correctly.
    The vulnerability stems from an out of bounds memory access that could potentially lead to code execution. Versions 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 are affected.

    You can read more about the vulnerability in CVE-2015-8540. For other technical questions about the vulnerability, you can post to Stack Overflow and use the tag “android-security.”

    While these specific issues may not affect every app that uses libpng, it’s best to stay up to date on all security patches.
    "
    any one here got this warning from Google Play team ? and is this issue with libpng addressed in BB version 2.1.1?
     
    mmo822011, Jun 17, 2016
    #1
  2. heathclose

    heathclose Miniboss Boxer

    Joined:
    Jan 28, 2016
    Messages:
    1,810
    Likes Received:
    1,026
    Do a forum search
     
    heathclose, Jun 17, 2016
    #2
  3. ionicapetrica98

    ionicapetrica98 Boxer

    Joined:
    Oct 27, 2015
    Messages:
    34
    Likes Received:
    4
    I'm not in that situation but many apps are already removed from Google play because of libpng vulnerability.
    Also AbMob version 6.4.1 (and below) of the SDK will not work after september 15.
     
    ionicapetrica98, Jul 21, 2016
    #3
  4. Andy

    Andy Miniboss Boxer

    Joined:
    Sep 24, 2015
    Messages:
    2,152
    Likes Received:
    1,546
    According to the email direct from Google:
    I'd like to hear if someone has first hand knowledge of this happening.
     
    Andy, Jul 21, 2016
    #4
  5. deepgeet

    deepgeet Boxer

    Joined:
    Sep 29, 2015
    Messages:
    38
    Likes Received:
    3
    can you please tell me solution for this problem?
    i have BB 1.3.5 and two days ago i uploaded Android build on google Play store, now game live but yesterday i got Alert message from google about Vulnerability, So tell me how can we solve it with BB 1.3.5

    if we doesn't find any solution then after 17th September 2016 we can't able to upload games on google Play store which will made with BB 1.3.5,
     
    deepgeet, Aug 10, 2016
    #5
    tarasgasparin likes this.

Share This Page