Hello everybody!
You might have heard of the notorious "Master Key" Vulnerabilty that affects 99% of Android devices. It basically allows a knowledged attacker to access all private and application data. For more information visit: http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/.
CM team has recently (on 7th July) committed the fix for the patch. Here it is: https://github.com/CyanogenMod/android_libcore/commit/fe70e697810a7a8b9ce47325f53d16fdbc19f1f8. Gerrit link: http://review.cyanogenmod.org/#/c/45251/
I've created a patch from the differences of an older and a newer, patched core.jar from CM 10.1. I attach it in the attachment. It may happen that you have to modify it a bit to fit your rom's needs.
List of invulnerable (patched) roms:
Any other roms that are not in the list are vulnerable! If you bump into this thread, test the rom you are using to be sure and ask your rom cook to include it. Perform the test with this app: https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner.
You might have heard of the notorious "Master Key" Vulnerabilty that affects 99% of Android devices. It basically allows a knowledged attacker to access all private and application data. For more information visit: http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/.
CM team has recently (on 7th July) committed the fix for the patch. Here it is: https://github.com/CyanogenMod/android_libcore/commit/fe70e697810a7a8b9ce47325f53d16fdbc19f1f8. Gerrit link: http://review.cyanogenmod.org/#/c/45251/
I've created a patch from the differences of an older and a newer, patched core.jar from CM 10.1. I attach it in the attachment. It may happen that you have to modify it a bit to fit your rom's needs.
List of invulnerable (patched) roms:
- Stock roms that received the patch in a software update
- CM 10.1.1 stable
- CM nightlies starting from 8th July (maybe 7th is patched as well, depends on build time)
- Any other CM/AOSP-based roms which include the patch. Most of them directly inherit CM's libcore and if the build was created after 7th July, it's patched.
- Custom roms that are patched
Any other roms that are not in the list are vulnerable! If you bump into this thread, test the rom you are using to be sure and ask your rom cook to include it. Perform the test with this app: https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner.