The Details Of Recently Discovered Vulnerabilities That Allowed Any App To Gain Root Privileges With SuperSU And Superuser
An XDA member recently unveiled serious vulnerabilities in all three root packages used to gain superuser access on devices. The developers have been contacted, and the two active projects are working to address the issues. If you're running an older version, you might want to get on the update train.
According to cernekee on XDA, the vulnerabilities allow a malicious app to obtain root access without going through the proper channels. You wouldn't see a notification at all – the app could just do its business in secret.
Superuser from ChainsDD is no longer in development, but some folks are still using it. On Android 4.2 or lower (ChainsDD SU doesn't work at all on 4.3+), the root package runs several privilege checks to determine if an operation should be allowed. There are two vulnerabilities here:
  • On ClockworkMod Superuser, /system/xbin/su does not set PATH to a known-good value, so a malicious user could trick /system/bin/am into using a trojaned app_process binary.
  • Other environment variables could be used to affect the behavior of the (moderately complex) subprocesses. For instance, manipulation of BOOTCLASSPATH could cause a malicious .jar file to be loaded into the privileged Dalvik VM instance. All three Superuser implementations allowed Dalvik's BOOTCLASSPATH to be supplied by the attacker. (This one affected all three packages.)
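Both issues come from a privileged helper passing the caller's environment on to its subprocesses. The sketch below is an added example, not code from any of the three root packages: it builds the child's environment from scratch instead of inheriting it. The function names, the pass-through list and the fixed PATH and BOOTCLASSPATH strings are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Values the helper sets itself; both strings are placeholders (assumptions). */
static const char *const FIXED_ENV[] = {
    "PATH=/system/bin:/system/xbin",
    "BOOTCLASSPATH=/system/framework/core.jar", NULL };
/* Harmless variables that may be copied from the caller (assumed list). */
static const char *const PASS_THROUGH[] = { "TERM", "LANG", NULL };
/* Constructed caller environment with untrusted values, for the demo. */
static const char *const SAMPLE_ENV[] = {
    "PATH=/data/local/tmp", "BOOTCLASSPATH=/data/local/tmp/x.jar",
    "LD_LIBRARY_PATH=/data/local/tmp", "TERM=xterm", NULL };
static const char *CLEAN[8];

/* Return the first "NAME=value" entry for `name`, or NULL if absent. */
const char *env_entry(const char *const env[], const char *name) {
    size_t n = strlen(name);
    for (size_t i = 0; env[i] != NULL; i++)
        if (strncmp(env[i], name, n) == 0 && env[i][n] == '=')
            return env[i];
    return NULL;
}

/* Build the child's environment from scratch: fixed values first, then only
   allowlisted variables from the caller. Returns the entry count, or 0 if
   `out` is too small, in which case the caller must refuse to exec. */
size_t build_clean_env(const char *const in[], const char *out[], size_t cap) {
    size_t k = 0;
    for (size_t i = 0; FIXED_ENV[i] != NULL; i++) {
        if (k + 1 >= cap) return 0;
        out[k++] = FIXED_ENV[i];
    }
    for (size_t i = 0; PASS_THROUGH[i] != NULL; i++) {
        const char *e = env_entry(in, PASS_THROUGH[i]);
        if (e == NULL) continue;      /* caller did not set it */
        if (k + 1 >= cap) return 0;
        out[k++] = e;
    }
    out[k] = NULL;
    return k;
}

int main(void) {
    if (build_clean_env(SAMPLE_ENV, CLEAN, 8) == 0) return 1;
    for (size_t i = 0; CLEAN[i] != NULL; i++) puts(CLEAN[i]);
    /* A real helper would now execve() an absolute path with CLEAN. */
    return 0;
}
```

Because the caller's PATH, BOOTCLASSPATH and LD_LIBRARY_PATH never reach the output array, any variable not explicitly allowlisted is dropped by default rather than needing to be blocked by name.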
Source: Android Police
