SuperSU update FYI

[WoohooGuy]

Chainfire has pushed out an update to SuperSU that fixes a couple security issues that could allow an exploit to gain elevated privileges without user confirmation.

The update is live on the market, I wanted to bring it to people's attention as it's a bit more important than just a compatibility update for KitKat that some people may temporarily sidestep for the time being thinking it's not related to their android flavor.

Remember that you have to actually launch SuperSU after the market update so it can finish the update process.

/FYI

Edit - This only affects users that are rooted! If you are not rooted you have no worries, carry on!

 

[BRAINZ2013]

Thanks had a problem this morning but found out it was super su app .

 

[funkylogik]

Got it but thanks for the thread bro :beer::beer:

 

[funkylogik]

I may actually owe the dev of PieControl Pro an apology lol. It kept cutting out n im guessing it was due to losing SU status.
I dont feel too bad though since he didnt reply to 4 emails

 

[WoohooGuy]

When Android 4.3 was about to come out Chainfire was working overtime and releasing updates seemingly twice a day as he was hammering out the new issues 4.3 presented for root.

I got lackadaisical about applying SuperSU updates around that time as I figured a new one would be along soon, so just would wait until his good work was done and apply it before upgrading.

Knowing other people may view the updates the same way now that KitKat is in the wild I wanted try and make sure people know this update is important and not a common compatibility update.

 

[funkylogik]

Id been using that "update supersu" zip file with my 4.3 roms. Is that related to this, mate?

 

[WoohooGuy]

Id been using that "update supersu" zip file with my 4.3 roms. Is that related to this, mate?

Until you create/export a new supersu app on a device that has the updated binaries via Titanium or other, or know for a fact you are downloading a supersu flash/zip package that is from the most updated binaries than be wary and be sure to update the SU binary after install.

 

[funkylogik]

Thanks bro. I dont really understand that stuff n its kinda scary how things are changing with each point upgrade. Like the recent warning TiBu gives (i always hit the selection on the right and it reboots)
I hate how 4.4 seems to (unless its cyanogens fault) seems to have messed up the SD Ext path or something.
Just when i start to understand something, it seems to get screwed with lol. Know what i mean mate?


Wait do i understand you that now that ive updated SuperSU from the market and backed it up in TiBu, i dont need that update zip anymore for my root apps to work with new custom roms?

 

[WoohooGuy]

Thanks bro. I dont really understand that stuff n its kinda scary how things are changing with each point upgrade. Like the recent warning TiBu gives (i always hit the selection on the right and it reboots)
I hate how 4.4 seems to (unless its cyanogens fault) seems to have messed up the SD Ext path or something.
Just when i start to understand something, it seems to get screwed with lol. Know what i mean mate?


Wait do i understand you that now that ive updated SuperSU from the market and backed it up in TiBu, i dont need that update zip anymore for my root apps to work with new custom roms?

Android seemingly is a bit safer to be on the cutting edge with apps like SuperSu as you have some of the most brilliant minds creating these programs and supporting them.

Occasionally you have hiccups like this one, Chainfire plans on addressing the issues this coming Monday and I look forward to reading his comments on the issue.

As for the supersu zip, you will still need it to flash supersu on custom Roms that may not have it, or need it to flash after an OTA update that breaks su.

Just make sure you download the newest version of it from Chainfire's official thread on XDA -
[2013.11.13] SuperSU v1.69 - xda-developers

 

[funkylogik]

Thanks again bro n ill follow his comments on g+ :beer:

 

[zuben el genub]

I got a notice for an update to Super SU, did the update and it locked up the phone a couple of months ago. So I've shied off since.

Are the updates for certain versions of Android? I'm still using plain 4.2 just the way I got and rooted the phone. There simply hasn't been anything in the updates that I wanted or needed.

If the updates are for certain versions, then the update should make it plain and not assume that everyone cares about updating just to keep up with new services offered.

 

[Unforgiven]

Thanks for the heads up on opening SuperSU after the update. I'm loading the binaries now.

 

[Slug]

Are the updates for certain versions of Android?

No. They may introduce support for newer versions of Android, but the main reason is to fix bugs, patch vulns and/or support newly-discovered root methods.

If the updates are for certain versions, then the update should make it plain and not assume that everyone cares about updating just to keep up with new services offered.

Chainfire publishes a changelog on Play for every update, so all the information required to make an informed decision is available to the user.

 

[zuben el genub]

Depends on how they do it. If they just list fixes for each update, I'd assume it meant for any previous update, too. If it's for all versions, then add 4.2, 4.2.2, whatever. I could still be using an old phone on GB or CM's version of it.

If that first update from a couple of months ago hadn't locked up the phone, I'd let it update automatically. Now I don't trust it. I dug out the old XP laptop and restored from there. The one I have on the phone is only for TB to turn on USB. I don't use it for anything else.

I have a couple of other apps that warned about updating when they fixed app for newer versions. They did warn people on prior versions of JB that the upgrade might bugger the app.

 

[Slug]

Here's the one for the latest version (1.69):

"What's New:
NOTE: If you just upgraded to Android 4.3, you need to manually re-root!
v1.69

- XBIN mode (some new roots need this)
- Slightly adjusted binary installer
- Backup script installation now available for all backuptool-capable ROMs
- Fixed su-ing to a non-root user not working on some 4.3+ firmwares
- Fixed BOOTCLASSPATH vulnerability (CVE-2013-6774)
- Fixed notification sanitization vulnerability (CVE-2013-6775)
- Fixed possible closed special files vulnerability
- Updated language files"

As you can see, version-specific advisories are included if required.

 

[BRAINZ2013]

Either way u look at it we all needed the binary installation repair . No 2ways about it .

 

[zuben el genub]

I've still got what came with the Nexus 4 when I bought it last spring. The original 4.2.
After reading what came with the updates, I didn't need or want the extras. I just haven't found another ROM I want to try. 4.3 had nothing interesting and neither does Kit-Kat. I want faster memory access to open my reference library, not social bits.

Why did the update from SU last summer freeze the phone? I got a couple of error messages and can't remember how I got rid of the problem to get the phone to work.

 

[WoohooGuy]

I've still got what came with the Nexus 4 when I bought it last spring. The original 4.2.
After reading what came with the updates, I didn't need or want the extras. I just haven't found another ROM I want to try. 4.3 had nothing interesting and neither does Kit-Kat. I want faster memory access to open my reference library, not social bits.

Why did the update from SU last summer freeze the phone? I got a couple of error messages and can't remember how I got rid of the problem to get the phone to work.

Regardless what rom you run, stock or custom, if SuperSU is the su manager you have than you should update it or replace it with another su manager of your choice if you feel you dont trust the update.

I cant tell you why SuperSu had those issues with your device in the past but odds are it was a very isolated event.

 

[Slug]

After reading what came with the updates, I didn't need or want the extras.

Well that's your prerogative. However I wouldn't describe the likes of vulnerability patches for the app handling root access as "extras".

 

[BRAINZ2013]

Hey everyone love CHAINZ his super user and the new super su they the bomb . And if you have a problem and report to the dev . He moves fast and help u repair issues and tell u where u was wrong he the man across the nation . I know of rooters in china who loves his work .