Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Superuser unsanitized environment vulnerability on Android <= 4.2.x
Nov 13 2013 07:24PM
Kevin Cernekee (cernekee gmail com)
Vulnerable releases of several common Android Superuser packages may
allow malicious Android applications to execute arbitrary commands as
root without notifying the device owner:
- ChainsDD Superuser (current releases, including v3.1.3)
- CyanogenMod/ClockWorkMod/Koush Superuser (current release...
[ more ]
Copyright 2010, SecurityFocus