Android开发同学请注意啦,Android Studio2.1.1版本发布更新, 解决重大安全问题.

5月11号发布的Android Studio 2.1.1版本修复了两个重大的安全问题:

Built-in WebServer Vulnerabilities（内置的web服务器漏洞）:

在IDE内置的web服务器中有一个跨站点伪造请求缺陷,可能允许攻击者在未经用户同意的情况下访问本地文件系统.

Internal RPC Vulnerabilities（内部RPC漏洞）:

设置了过度宽松的跨域资源共享,可能允许攻击者访问各种内部的API;获取IDE保存的数据,收集各种元信息,比如IDE版,本或者打开一个未经允许项目.

虽然没有收到用户相关的报告,但升级到这个新版本是很重要的.

原文: https://plus.google.com/103342515830390186255/posts/5TGKhcwtip5

Please update to Android Studio v2.1.1

We wanted to make you aware of an important security update for Android Studio.

Today we released the Android Studio 2.1.1 update. The incremental update addresses two security vulnerabilities in the underlying IntelliJ platform that affects all previous versions of Android Studio:

Built-in WebServer Vulnerabilities: A Cross-Site Request Forgery (CSRF) flaw in the IDE’s built-in WebServer could allow an attacker to access the local file system from a malicious web page without user consent.

Internal RPC Vulnerabilities: Over-permissive Cross-Origin Resource Sharing (CORS) settings could allow an attacker to access various internal API endpoints; gain access to data saved by the IDE; gather various meta-information, like IDE version; or open a project without permission.

We have had no reports of active customer exploitation or abuse of these newly reported issues, but it’s important that you update to this new version now.

更多关于Android Studio的使用技巧,请参考 《Android Studio实用指南》

下载地址:

Windows: https://dl.google.com/dl/android/studio/ide-zips/2.1.1.0/android-studio-ide-143.2821654-windows.zip (286.7 MiB)

Mac: https://dl.google.com/dl/android/studio/ide-zips/2.1.1.0/android-studio-ide-143.2821654-mac.zip (285.2 MiB)

Linux: https://dl.google.com/dl/android/studio/ide-zips/2.1.1.0/android-studio-ide-143.2821654-linux.zip (284.3 MiB)