AndroidGood and EVO

Vulnerability in Superusers and SuperSU found

roottoolsAccording to a post from Koushik Dutta, creator of ClockworkMod recovery (and also the open source Superuser app that’s currently used in CyanogenMod), his Superuser application – along with the closed source Superuser by ChainsDD, and also SuperSU by Chainfire – are getting updates to fix a currently unreleased vulnerability. The issue was found recently and is being patched before it’s exploited in the wild.

As of this writing, SuperSU has already been updated and Koushik Dutta has a post on his Google+ stating that a fix is in the works for CyanogenMod by developer Ricardo Cerqueira. Koushik is in Paris now, so work on patching his Superuser is delayed for a bit.

Basically, the exploit that was found seems to work on all root management applications that start with the word “Super.” Super. More details of the exploit will be released Monday, so grab your updated Superuser management application whenever you get a chance, or whenever it’s released. Make sure to make a nandroid backup before you update the application and binaries, just in case something with the new versions doesn’t work for you.

While probably nothing will happen with the exploit, we can wildly speculate that it will lead to the end of the world as we know it, or at least cause a few Android users some headaches after details of the exploit will be released to the public at the start of a new work week.

Three apps starting with “Super,” two named Superuser, two out of three developers starting with “Chain,” one vulnerability.

[Google+ via Android Police]
Pocketables does not accept targeted advertising, phony guest posts, paid reviews, etc. Help us keep this way with support on Patreon!
Become a patron at Patreon!

Paul E King

Paul King started with GoodAndEVO in 2011, which merged with Pocketables, and as of 2018 he's evidently the owner. He lives in Nashville, works at a film production company, is married with two kids. Facebook | Twitter | Donate | More posts by Paul | Subscribe to Paul's posts

Avatar of Paul E King