Man In The Middle Vulnerability Found In CyanogenMod

Discussion in 'Android News' started by DroidModderX, Oct 16, 2014.

  1. DroidModderX

    DroidModderX Super Moderator
    Staff Member Premium Member

    Joined:
    Oct 6, 2011
    Messages:
    5,692
    Likes Received:
    2,116
    Trophy Points:
    478
    Ratings:
    +2,235
    [​IMG]

    Earlier this week a "researcher" published an article stating that CyanogenMod included a Man In The Middle Vulnerability. This turns out to be true, but it isn't as big of an issue as you would think. The vulnerability would allow a hacker to target any browser being used by the Rom to initiate a man in the middle attack. The vulnerability comes from reused sample code from Oracle for Java 1.5. The vulnerability has been reported since 2012. It turns out that the vulnerability more than likely originates in Google's code since CM is based on AOSP as one reddit post suggest. There has already been a patch relesed by CyanogenMod that fixes this. That patch can be seen on CyanogenMod's github. According to "Psychol3oy" of CM Kit Kat does not use JSSE so anyone on CM11 or better would not be effected. If you are on 4.3 or earlier you may be affected. The problem is currently being worked on. This would be a good time to update to the latest nightly or at least go ahead and jump on CM11. It should also be noted that according to The Register other roms based on CM would also be vulnerable. It would be worth updating to a Kit Kat rom if you haven't already.

    Via Rootzwiki
     
    • Like Like x 3