Old Security Vulnerability Gets Patched Up With Android Version 4.4.3
The latest build of Android hitting devices has been known for a while to be mostly about bug fixes with only a few minor changes that could be categorized as visual tweaks, like with the dialer and the people apps. It seems that the update to Android 4.4.3 also appears to be patching a really old security flaw that has been sitting in the code that exists within the part of the Android system known as VOLD, or Volume Management Daemon. Most people will probably never be familiar with this particular part of the Android OS or what it does for them, but basically it exists to manage the task of mounting your SD card. The new update fixes a vulnerability that uses VOLD to complete various attacks on the system of an Android device, most worrisome being a way to achieve root access.
The VOLD system doesn’t just handle mounting the SD card and creating /sdcard paths, but it also handles the task of mounting virtual file systems which is where the security flaw actually takes place, using a virtual file system called ASEC or Android Secure External Caches. Within the ASEC is where attackers can exploit the weakness, basically resulting in the system allowing them to manipulate the privileges of an application. Normally, most apps on an average Android device will only have read access unless the device is rooted, in which case the user can go into the files and provide read/write access to certain apps. The vulnerability allows for an attacker to slip into the VOLD and temporarily give write access to an application which is essentially a root privilege, which could allow them to manipulate the app for various potentially dangerous activities.
Thankfully with 4.4.3 Google was able to readily fix this security issue by installing a check in the VOLD that would basically prohibit redirecting the path from its designated location. Since this check never existed before attackers could pass into a path and the system never verified validity of the action, allowing the attacker to pass in without much difficulty. With the vulnerability being patched in with this newest software update any devices that will be moving forward to 4.4.3 generally won’t have to worry, but older devices could essentially still be vulnerable since the flaw has been around for quite some time. The good news for those using device who will never get the update to Android 4.4.3 is that completing such an attack requires multiple exploits, so there are limits to the attack.
Samsung Galaxy S4 - Coverted to GT-I9505G
Google Play Edition 06-26-2014 - 4.4.4 - by Danvdh, Kryten2k35 & Ktoonsez
Philz Touch 6 - v184.108.40.206