Initroot: Exploiting CVE-2016-10277 for untethered jailbreak on Moto devices (USENIX WOOT '17)

In USENIX WOOT '17, which took place earlier this month in Vancouver, we presented our paper, "fastboot oem vuln: Android Bootloader Vulnerabilities in Vendor Customizations", covering a year's work in Android bootloader research. Our paper also includes some previously undisclosed details on CVE-2016-10277, a critical kernel command-line injection vulnerability in the Motorola Android Bootloader (ABOOT) that we had found and blogged about. In the previous couple of blog posts, we demonstrated a tethered unrestricted root exploit against that vulnerability, which we later extended to other Moto devices – G4 & G5. Additional Moto devices have also been confirmed by the community. In the WOOT '17 paper we describe a natural continuation of that exploit – a second-stage untethered secure boot & device locking bypass (tested to be working on the vulnerable versions of Nexus 6, Moto G4 & G5). Moreover, we also present in the paper and this blog post other second-stage exploits, such as persistent kernel code execution on the Nexus 6, the ability to downgrade critical partitions (such as the bootloader chain and TrustZone), unlocking a re-locked Nexus 6 bootloader, and more. As usual, our PoC exploit is publicly available in our GitHub repo.

DISCLAIMER: Unlike the previous ephemeral jailbreak, the one presented today may brick your device. For example, during its development, we had to unlock our (luckily unlockable!) Moto G5 device in order to unbrick it.

Android Oreo feature spotlight: Changes to Verified Boot won't allow you to start a downgraded OS

This flew under our radar back at I/O, but it's big news. On compatible devices, the new Verified Boot changes in Android 8.0 Oreo will prevent a device from booting should it be rolled back to an earlier firmware. The new feature is called Rollback Protection. So if your phone is flashed with older software, you (and your data) are protected from whatever potential security vulnerabilities may have been present in earlier versions. For 99% of users, the new Rollback Protection is great news. If a phone is lost or stolen, it further decreases the number of potential attacks which could be used to gain access, providing better safety for your data.

3 boot loader/smartphone security vulnerabilities from Huawei. Text of two and links to all 3 are below:

Security Advisory – Out-of-Bounds Memory Access Vulnerability in the Boot Loaders of Huawei Mobile Phones

The boot loaders of some Huawei mobile phones have an out-of-bounds memory access vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause a buffer overflow at the next system reboot, causing an out-of-bounds memory read which can cause continuous system reboots. This vulnerability has been assigned a CVE ID: CVE-2017-8149. Huawei has released software updates to fix this vulnerability. Successful exploit could cause an out-of-bounds memory read, leading to continuous system reboot.
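The Rollback Protection item above describes the mechanism only in outline; the following C model, added here and not taken from Google's libavb, any vendor's bootloader, or the posts quoted on this page, shows the core rule: each partition's minimum accepted rollback index lives in tamper-resistant storage and only moves upward after a verified boot, so a later flash of an older image is refused. The partition count, slot layout and the unlocked-device behaviour are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical model of Verified Boot rollback protection (added example;
 * the partition count, slot layout and unlock handling are assumptions). */
#define MAX_PARTITIONS 4

struct image {
    const char *name;        /* e.g. "boot", "system" (constructed names) */
    uint64_t rollback_index; /* carried in the image's signed metadata */
};

struct device_state {
    /* Lowest index still accepted per partition, kept in tamper-resistant
     * storage so a flash from a root shell or fastboot cannot lower it. */
    uint64_t stored_index[MAX_PARTITIONS];
    bool unlocked; /* bootloader lock state */
};

/* True when every image is at least as new as the stored minimum. */
bool verify_rollback(const struct device_state *dev,
                     const struct image *imgs, int n) {
    for (int i = 0; i < n && i < MAX_PARTITIONS; i++)
        if (imgs[i].rollback_index < dev->stored_index[i])
            return false;
    return true;
}

/* After a verified boot the stored minimum only ever moves upward, so an
 * older image flashed later is refused at the next boot. */
void commit_rollback(struct device_state *dev,
                     const struct image *imgs, int n) {
    for (int i = 0; i < n && i < MAX_PARTITIONS; i++)
        if (imgs[i].rollback_index > dev->stored_index[i])
            dev->stored_index[i] = imgs[i].rollback_index;
}

/* Boot decision: 0 = boot, -1 = refused as a downgrade. A locked device
 * enforces and advances the minimums; an unlocked device (assumption,
 * matching the "unlockable" caveat above) boots anything but leaves the
 * stored minimums untouched, so re-locking restores enforcement. */
int try_boot(struct device_state *dev, const struct image *imgs, int n) {
    if (dev->unlocked)
        return 0;
    if (!verify_rollback(dev, imgs, n))
        return -1;
    commit_rollback(dev, imgs, n);
    return 0;
}
```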