Vulnerability in Superusers and SuperSU found

roottoolsAccording to a post from Koushik Dutta, creator of ClockworkMod recovery (and also the open source Superuser app that’s currently used in CyanogenMod), his Superuser application – along with the closed source Superuser by ChainsDD, and also SuperSU by Chainfire – are getting updates to fix a currently unreleased vulnerability. The issue was found recently and is being patched before it’s exploited in the wild.

As of this writing, SuperSU has already been updated and Koushik Dutta has a post on his Google+ stating that a fix is in the works for CyanogenMod by developer Ricardo Cerqueira. Koushik is in Paris now, so work on patching his Superuser is delayed for a bit.

Basically, the exploit that was found seems to work on all root management applications that start with the word “Super.” Super. More details of the exploit will be released Monday, so grab your updated Superuser management application whenever you get a chance, or whenever it’s released. Make sure to make a nandroid backup before you update the application and binaries, just in case something with the new versions doesn’t work for you.

While probably nothing will happen with the exploit, we can wildly speculate that it will lead to the end of the world as we know it, or at least cause a few Android users some headaches after details of the exploit will be released to the public at the start of a new work week.

Three apps starting with “Super,” two named Superuser, two out of three developers starting with “Chain,” one vulnerability.

[Google+ via Android Police]
Pocketables does not accept targeted advertising, phony guest posts, paid reviews, etc. Help us keep this way with support on Patreon!
become a patron button - for some reason we don't have an alt tag here

Paul E King

Paul King started with GoodAndEVO in 2011, which merged with Pocketables, and as of 2018 he's evidently the owner. He lives in Nashville, works at a film production company, is married with two kids. Facebook | Twitter | Donate | More posts by Paul | Subscribe to Paul's posts

Avatar of Paul E King

3 thoughts on “Vulnerability in Superusers and SuperSU found

  • Avatar of Hwyman
    November 14, 2013 at 1:53 pm
    Permalink

    This can be fixed with a lower-case “S”

    Reply
  • Avatar of Hwyman
    November 14, 2013 at 2:32 pm
    Permalink

    So I remember I used to have SuperSU when I took the root plunge earlier in the year. Many ROMs later, I didn’t need it anymore because it got baked in (circa 4.2) right? So now I have to see if my favorite dev is still around and maintaining my ROM of choice.

    Reply

Leave a Reply

Your email address will not be published.