If any of you CyanogenMod users out there have updated in the past couple of days, you may have noticed that your version has been updated to version 10.1.1. But this update isn’t about cramming in new features, instead the CyanogenMod team has patched up some of the well know security Android exploits which have been making the news recently.
Perhaps the most noticeable exploit that has been patched is the “Master Key” bug, which affects virtually every Android device and potentially allows for unchallenged malicious abuses of Android’s app signing mechanism. The CyanogenMod team have also been kind enough to patch this bug in their CM7 and CM9 sources as well, so you don’t even have to be running the most up to date version of CyanogenMod to be protected.
A selection of other exploits have also been patched up with this update, here’s the full list:
- Bug 8219321 aka “MasterKey” exploit (also patched in CM 7 and CM 9 source)
- CVE-2013-2094 (Linux kernel exploit)
- CVE-2013-2596 (Qualcomm-specific exploit)
- CVE-2013-2597 (Qualcomm-specific exploit)
- General device bug-fixes
If you haven’t already updated your ROM to CM 10.1.1, it’s highly recommended that you do so in order to be protected from these exploits, providing that an updated build is available for your device.
As always, head on over to Settings > About Phone > CM updates to force a manual update check, or alternatively you can pick the latest build from the device download list if you’re thinking about installing CyanogenMod for the first time.