Another Android Master Key bug discovered

BY

Published 2 Nov 2013

NSFW AI Why trust Greenbot

We maintain a strict editorial policy dedicated to factual accuracy, relevance, and impartiality. Our content is written and edited by top industry professionals with first-hand experience. The content undergoes thorough review by experienced editors to guarantee and adherence to the highest standards of reporting and publishing.

Disclosure

android

Earlier this year, a major Android Master key bug was found by Bluebox Security. The exploit was very serious in nature and affected nearly 99% of Android devices out there. Bluebox had informed Google about this vulnerability back in February, but the company did not fix the issue even with Android 4.3 Jelly Bean. 

Sadly, Saurik – popularly known for Cydia – has discovered another Master key bug in Android 4.3 and lower. The bug has been fixed in Android 4.4, but it is very well known how long OEMs take to update their devices to the latest version of Android.  Like the previous master key bug, this exploit can allow a hacker to gain complete access to your Android device via a modified system APK, with its original cryptographic key being untouched.

Thankfully, Saurik has updated his Cydia Impactor for Android to include a patch for this bug. Head over to this article from Saurik to get an in-depth idea about the bug and the supporting patch.