Master Key dual fix 1.3 APK
Current Version: 1.3
Requires Android: 4.0.3 and up
Category: Tools
v1.3 update:
1.3 – Fixed problems with parsing some zips depending on the rom original code
1.2 – Added 2 additional zip entry integrity checks that were missing
1.1 – Support for additional devices with modified core libraries (e.g. MTK6589)
Overview:
Requires the Xposed Framework. Grab it at http://forum.xda-developers.com/showthread.php?t=1574401 and make sure it runs properly on your device.
ROOT only required for installing the Xposed Framework, it can be dropped afterwards.
This app patches 2 vulnerability issues recently found on Android:
- ’Master Key’ (bug 8219321)
- ’bug 9695860’
Both of these allow exploiting signed APKs by replacing the code they contain while maintaining the existing signature valid, leading you to think the original author is someone you trust.
The original Android sources have been corrected to fix both situations, but it might take a while
till stock ROMs include the fixes, if ever.
To check if you’re vulnerable, you can use other apps available on the store such as SRT AppScanner (https://play.google.com/store/apps/details?id=de.backessrt.appintegrity) or Bluebox Security Scanner (https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner).
Note: If using Bluebox Security Scanner, make sure to force a refresh on the app once the fix is applied, otherwise you might get a cached and incorrect result.
For any questions or to support my work, please visit http://forum.xda-developers.com/showthread.php?t=2365294
0 comments:
Post a Comment