latest
Researcher finds Android zero-day vulnerability impacting Google Pixel 6, Samsung Galaxy S22, and more
A security researcher has found a zero-day security vulnerability in Linux kernel that compromises the Google Pixel 6 and others phones.
Android security has come a long way in recent years. The fostering of monthly security patches has kept hundreds of threats at bay, while Google Play Protect is there to bar malware from the Play Store. However, there are still instances where rogue actors can exploit vulnerabilities hidden within in Android's code for nefarious purposes. Zhenpeng Lin, a security researcher and Northwestern University PhD student, recently discovered such a vulnerability on the Google Pixel 6, and you may be at risk even after installing the latest July 2022 security update.
PSA: Dirty Pipe, the Linux kernel root vulnerability, can be abused on the Samsung Galaxy S22 and Google Pixel 6 Pro
The infamous "Dirty Pipe" vulnerability can be exploited on the Samsung Galaxy S22 and the Google Pixel 6 Pro to gain root shell access.
What happens when a Linux privilege-escalation vulnerability that also affects Android gets disclosed publicly? You got it! Security researchers and Android enthusiasts around the world try to take advantage of the newly found problem to create an exploit, which can be used to gain advanced access to your device (such as root or the ability to flash custom images). On the other hand, device makers and a few determined third-party developers quickly take the responsibility to patch the backdoor as soon as possible.
Linux kernel bug dubbed 'Dirty Pipe' can lead to root access, affects Android devices as well
Dirty Pipe is a newly discovered Linux flaw that can be exploited to gain root access. The bug also affects certain Android phones. Read on!
One of the strongest points of the Linux kernel has primarily been its open source nature, which allows stakeholders to fork, modify and redistribute it in a way that suits their particular needs. But this very advantage of being open source acts like a double-edged sword when it comes to the existence of unpatched security vulnerabilities and corresponding exploitable scenarios. While developers and big name OEMs are hard at work enhancing the overall security of the Linux ecosystem (which also includes Android), new vulnerabilities and exploits keep popping up and slipping under the radar. The mistake this time seems to be quite serious, unfortunately.
RootMyRoku can jailbreak many Roku TVs and set-top boxes
RootMyRoku is a new jailbreak exploit that will give you more control over the channels you can install on your Roku device.
Roku recently removed the YouTube TV app from its channel store due to a disagreement with Google, preventing users from watching their favorite shows for a couple of weeks. While Google has found a way to bring back YouTube TV by cleverly embedding the service into the main YouTube app, it hasn't come to a compromise with Roku. This may result in Roku retaliating once again, which could end up affecting your viewing experience.
PSA: If your PC runs Linux, you should update Sudo now
Researchers at Qualys have discovered a security vulnerability in the Sudo program that can be exploited to gain root access on Linux PCs!
Despite the fact that tens of thousands of contributors actively pore over the source code of the Linux kernel and various Unix utilities looking for security flaws, it's not unheard of for serious bugs to go unnoticed. Just a day ago, the folks over at Qualys revealed a new heap-based buffer overflow attack vector that targets the "Sudo" program to gain root access. The bug this time seems to be quite serious, and the bug has existed within the codebase for almost 10 years! Although the privilege escalation vulnerability has already been patched, it could potentially be exploited on nearly every Linux distribution and several Unix-like operating systems.
Sony Xperia 1 and Xperia 5 get temp root access on a locked bootloader with an exploit
Here's how you can achieve root access on the Sony Xperia 1 and the Xperia 5 using a privilege escalation exploit without unlocking the bootloader.
When it comes to bootloader unlocking and custom development, Sony is undeniably one of the most developer-friendly OEMs out there. The company maintains an initiative called the Open Devices program through which they provide tools and guides to the development community to help them compile Android Open Source Project (AOSP) builds on select Xperia devices. Moreover, Sony offers a dedicated online portal for bootloader unlocking, but there is a catch.
LG V50 ThinQ gets root on locked bootloader thanks to an exploit
Developers have figured out how to root the LG V50 ThinQ without unlocking the bootloader using a privilege escalation exploit, but there's a catch.
LG's bootloader unlocking policy is quite annoying as the company tends to whitelist only a handful of regional device variants to be unlocked via their official portal. The situation isn't always their fault, though, as U.S. carriers tend to make the decision to block bootloader unlocking. Take for example the LG V50 ThinQ—while you can unlock the bootloader of the European variant (LM-V500EM), you can't unlock the Sprint or the Verizon models. That makes rooting virtually impossible on these carriers models, but developers have recently made a breakthrough in this front. It is now possible to get a root shell, albeit temporary, on bootloader locked LG V50 ThinQ units.
Developers have exploited the Samsung Galaxy S9 and Note 9 to get root access on the Snapdragon models
Developers have figured out how to root the Snapdragon models of the Samsung Galaxy S9 and Galaxy Note 9 thanks to an exploit, but there's a catch.
Samsung phones sold in the U.S. are notoriously difficult to root. Samsung Knox makes rooting especially annoying, and it tends to break a lot of things if you do manage to get root. Users in the U.S. can't even unlock the bootloader to root their devices in the first place. Every once in awhile, though, developers figure out an exploit that allows us to root. The Snapdragon Galaxy S7, Snapdragon Galaxy S8, and Snapdragon Galaxy Note 8 were possible to root using exploits, for example. The same developers behind the SamPWND exploit for the S8/Note 8 are back again with exploits that allow for root access on the Snapdragon Galaxy S9, Galaxy S9+ and Galaxy Note 9 — although there is a catch.
[Update: Fix] Bootloader Protection Bypass Discovered on OnePlus 6 (requires physical access)
A serious vulnerability in the OnePlus 6 bootloader has been discovered. This exploit, which requires physical access, bypasses all security measures.
The OnePlus 6 was made official in the middle of last month. The device has only recently started to make its way into the hands of consumers and developers on our forums, and already we're hearing about the work that's being done. An official build of TWRP is already available and work is progressing nicely on an unofficial LineageOS 15.1 GSI. The OnePlus 6 isn't only receiving attention from users interested in the device for their personal use or projects, however, as security researchers are starting to take a closer look at the device to see what they can find.
While some OEMs allow bootloader unlocking on almost every model, the LG officially supports just a few devices. We have exciting news for the owners of the international variant of the LG V20. The bootloader can be unlocked thanks to the DirtySanta exploit.
9 Year Old Linux Kernel bug dubbed 'Dirty Cow' can Root every version of Android
Dirty Cow is a newly discovered, but 9-year-old bug that can be exploited to grant root access on all versions of Android.
Despite the fact that tens of thousands of users actively pore over the Linux kernel source code actively looking for security flaws, it's not unheard of for serious bugs to go unnoticed. After all, though the chances of missing something incredibly serious are lowered by having more eyes auditing the code, we're all still human and are bound to make a mistake. The mistake this time seems to be quite serious, unfortunately. A privilege-escalation exploit was recently discovered last week, and although it has already been patched in the mainline Linux kernel, the bug could potentially be exploited on nearly every Android phone on the market until each device receives the appropriate kernel patch.
New Rowhammer Exploits use Hardware Vulnerabilities to Root LG, Samsung, and Motorola Devices
New Rowhammer exploit successfully roots LG, Samsung, and Motorola devices using bit-flips. The exploit was previously thought to be unviable.
Google is constantly at war with hackers seeking to maliciously exploit security vulnerabilities in their products. Back in the middle of 2014, Google assembled a team of security analysts called 'Project Zero' to report zero-day exploits to the company so they can be patched before any nefarious third-party can take advantage of the undisclosed security hole. One such vulnerability, dubbed the 'Rowhammer' exploits, involves repeatedly accessing a row of memory to cause 'bit-flips' in adjacent rows of memory. This exploit occurs in some DRAM devices and can be used to gain read-write privileges to all of physical memory even within a user-space process.