Commercial Root Exploit Exists for Google Android 2.2

If you support Google Android in your organization, you might want to consider disallowing (e.g. through Good Technologies or by Exchange ActiveSync reporting) Android versions 2.2 and below until those units can be upgraded. Why? There is now commercially available (Immunity CANVAS) exploit code to gain root access to Android 2.2.

This attack against Android 2.2 is a two-step process. The first step exploits an Android WebKit CSS rule deletion vulnerability, and the second step leverages that access to exploit a privilege escalation vulnerability and gain root access to the device.

Android 2.3 isn’t affected.
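As an added example (not from the original post or any vendor tool), here is one way to triage a device inventory export against the 2.2 cutoff described above. The CSV column names, the sample rows, and the treatment of point releases such as 2.2.1 as part of 2.2 are assumptions.

```python
import csv
import io
import re

# Cutoff from the post: Android 2.2 and below is exposed; 2.3 is not affected.
LAST_AFFECTED = (2, 2)

# Constructed sample of a device inventory export. The column names
# (User, DeviceOS) are assumptions, not a real product's schema, and
# "Android 2.10" is a made-up version used to show the comparison pitfall.
SAMPLE_EXPORT = """User,DeviceOS
alice,Android 2.2
bob,Android 2.3.3
carol,Android 2.2.1
dave,Android 2.10
erin,Android 1.6
frank,iOS 4.2.1
grace,Android
"""

_ANDROID_VERSION = re.compile(r"android[ /]?(\d+)\.(\d+)", re.IGNORECASE)


def classify(device_os):
    """Return 'block', 'allow', 'review' or 'not-android' for one OS string."""
    if "android" not in device_os.lower():
        return "not-android"
    match = _ANDROID_VERSION.search(device_os)
    if match is None:
        # Android device with no parsable version: do not assume it is safe.
        return "review"
    # Compare integer tuples, not strings, so 2.10 sorts above 2.2.
    # Assumption: point releases such as 2.2.1 are treated as 2.2.
    version = (int(match.group(1)), int(match.group(2)))
    return "block" if version <= LAST_AFFECTED else "allow"


def triage(export_text):
    """Map each user in the export to a decision."""
    rows = csv.DictReader(io.StringIO(export_text))
    return {row["User"]: classify(row["DeviceOS"]) for row in rows}


if __name__ == "__main__":
    for user, decision in triage(SAMPLE_EXPORT).items():
        print(f"{user:6} {decision}")
```

Devices marked `review` report Android without a usable version and need a manual check before they are allowed.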

