- Joined
- Oct 6, 2011
- Messages
- 5,782
- Reaction score
- 2,133
Yesterday Jcase announced via twitter that he and his team were working closely with Vendors to patch up a huge Android security bug. The whole announcement was a bit sarcastic in its approach mainly to pick fun at media outlets who overhype mostly theoretical security bugs. Today we get a bit of further clarification on the Pork Explosion vulnerability. Jcase once again confirms that it is indeed the real deal and had this to say about it.
It can gain execution on a phone without installing an app, enabling usb debugging, or visiting a webpage. No faraday cage can protect you from the Pork Explosion.
It can be used to root the phone, ex-filtrate confidential data, bypass code-signing, bypass dm-verity, bypass lock screens, brute force encryption keys and yes even completely circumvent the ever powerful NSA backdoor Linux Kernel security extension called SELinux.
Fear the Pork.
There was one small detail that was left out here that is pretty crazy. Stay tuned for more on this.
via bbqand0days