Project

General

Profile

Issue #1143

broadAnyWhere vulnerability - CVE-2014-8609

Added by My Self over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Security
Target version:
Start date:
12/28/2014
Due date:
% Done:

0%

Estimated time:
Resolution:
fixed
Device:
Grant:
Type of work:

Description

I've checked, that Replicant is vulnerable to the broadAnyWhere (bug: 17356824), registered as CVE-2014-8609.
More informations: http://seclists.org/fulldisclosure/2014/Nov/81
POC (Proof of Concept): https://www.youtube.com/watch?v=H05-6BoB4ng

Solution
AOSP diff: https://android.googlesource.com/platform/packages/apps/Settings/+/37b58a4
CM commit: https://github.com/CyanogenMod/android_packages_apps_Settings/commit/0d7a9ae528029b5f767136c238b6beff3f400ea0

Also available in: Atom PDF