UPDATE : Android security bug fix thanks to teddyearp!

[badblue1]

https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner

I seen someone posted yesterday about the 4 year old security risk Scan Your Device for the Androidthis is just updated from Bluebox corporate, seems they came up with an app to scan your device for malicious apps.

I downloaded it, seems to scan really fast but i guess it's all we have till someone comes up with a fix for the security problem.

Just thought I'd throw this out there.

 

[teddyearp]

This is interesting information. I should look into it more.

But AFAIK, the only way an application can modify anything in the /system partition is if it has root access. And AFAIK the only way to have root access is if your device is rooted. Since the method(s) to root our devices sometimes vary widely from device to device, I find it hard to believe that the 'security bug' could be used to first root any device and then make the modifications described.

But I don't know everything, not at all. I found more articles including a patch added by Steve to the latest CM10.1 (which of course you cannot run unless your device is rooted first):

The truth about the latest Google Android security scare (Updated) | ZDNet

https://groups.google.com/forum/#!topic/android-security-discuss/OurJQ5JzXos

https://jira.cyanogenmod.org/browse/CYAN-1602

https://www.blackhat.com/latestintel/05292013-mobile-exploits-oh-my.html

It might be done. But hey, maybe we can exploit this to easier root any android device and (hehe) unlock the stinking bootloader on any android device!

 

[badblue1]

I don't think it has anything to do with the app obtaining root access, it steals your passwords and login info, thus being able to steal whatever it needs.

 

[badblue1]

UPDATE :
@ teddyearp ... Without knowing it you have helped fix the android security bug for CM7.2 IHO. When you posted this link https://jira.cyanogenmod.org/browse/CYAN-1602 i passed it on to a developer for the LG optimus v as well as others .Well Mrg666 the developer of this rom [ROM+Kernel] MiRaGe-CM7.2-IHO (07132013) - Android Forums at AndroidCentral.com that alot of us use, in fact most stable rom for our phone right now, well he was able to create the security patch for the rom from the link you posted.

Thank you so much and thanks to Steve our phones will be free of the security bug. Android security fix 8219321(cyan -1602)
Again, can't thank you enough!

 

[teddyearp]

Wow, who woulda thunk. This guide got lucky that's all. Glad to be of service.

 

[funkylogik]

They should name a build after you

 

[awriternot]

Ugh, what about non-rooted Razr Maxx? It's saying it hasn't been patched. How would I find out when they plan on fixing?

 

[badblue1]

Ugh, what about non-rooted Razr Maxx? It's saying it hasn't been patched. How would I find out when they plan on fixing?

As long as you download apps from Google playstore your golden.

The bug, supposedly comes from apps that are not downloaded from a trusted source.

Download from Google play or Amazon.