Moto G4 and Moto G5 Vulnerable to Root Shell Attacks, Patch in May's Security Update

Moto G4 and Moto G5 Vulnerable to Root Shell Attacks, Patch in May's Security Update

    

Moto G4 and Moto G5 Vulnerable to Root Shell Attacks, Patch in May's Security Update
Discovered by Aleph Research, the Moto G5 and the Moto G4 is vulnerable to a kernel command-line injection attack. This initroot attack vulnerability was first discovered inside the Nexus 6.


According to the reports, Android Bootloader (ABOOT) on the Moto G4, Moto G5, and other possible Motorola devices were vulnerable to the same attack that they announced for the Nexus 6 (CVE-2016-10277).


As explained by XDA developers, this whole process allows the attacker to inject a parameter (named initrd) which is able to force the Linux kernel to populate initramfs into rootfs from a specified physical address. The attack also allows an attacker to abuse the download function in ABOOT to put a malicious initramfs at a known physical address. Moreover, the attacker is able to gain an unrestricted root shell.

However, Google has patched this issue in May’s security update. OTA updates of May Android patch is already available for a few Moto Z Play and Moto Z Smartphones. We will let you know once the update is out for the Moto G4, Moto G5, and other Motorola devices.

Via: XDA Developers | Source: Aleph Research


0  :