While most Android users are waiting on updaters that might patch some of the recently reportedsecurity holes, CyanogenMod is already getting a bug fix update out the door. CyanogenMod 10.1.1 is now hitting the stable channel for all supported devices.
The Master Key exploit will be presented by Jeff Forristal at Black Hat 2013 as "One Root To Own Them All." It's essentially a bug in signature verification which can be used to insert malicious code into an APK. Google patched the bug back in February, but the new code hasn't made it into most official ROMs – even Nexus devices have yet to receive the fix. CM started including the fixes in nightlies a few days ago, and now the fix is in the stable build for the slightly less adventurous. CM 10.1.1 also fixes two Qualcomm-specific vulnerabilities and a Linux kernel exploit.
It's very cool to see this open source project run by regular folks get an important security fix out to users so fast. That's what happens when you're not burdened by the bureaucracy of a large company or a carrier. CyanogenMod might have a few bugs, but it's rock-solid as far as security goes. Users are advised to update as soon as their build is available.
No comments:
Post a Comment