Submitted via IRC for TheMightyBuzzard
QuadRooter Android vulnerabilities affect devices that are built on the Qualcomm chipset, a supplier of 80% of the chipsets in the Android ecosystem. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations and gain root access to a device, enabling them to change or remove system-level files, delete or add apps, and access the device's screen, camera or microphone.
Source: https://www.helpnetsecurity.com/2016/08/08/quadrooter-android-vulnerabilities/
(Score: 2) by NotSanguine on Tuesday August 09 2016, @07:52AM
A better article on this issue is at Threatpost [threatpost.com].
CVE: 2016-5340 [mitre.org]
More detail on the vulnerability can be found here:
https://www.codeaurora.org/invalid-path-check-ashmem-memory-file-cve-2016-5340 [codeaurora.org]
Patch can be found here:
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=06e51489061e5473b4e2035c79dcf7c27a6f75a6 [codeaurora.org]
Note that while un-patched devices are vulnerable, exploitation requires that you (or someone in possession of your device) installs a malicious app.
No, no, you're not thinking; you're just being logical. --Niels Bohr