Posted by: devnullius
« on: 21. July 2013., 09:13:38 »Copy Paste FROM: http://gs3.wonderhowto.com/how-to/patch-latest-android-master-key-bugs-your-samsung-galaxy-s3-0147960/
Posted By Faisal Hussain Faisal Hussain, yesterday
A few weeks ago, Bluebox Security uncovered a bug that could potentially effect 99% of Android devices. Bug 8219321 (http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/), dubbed the Master Key bug, works by allowing applications with modified code to pass Android's signature verification system, thereby bypassing security measures that normally wouldn't allow these apps to be installed.
How does this effect you? Well, modified apps can cause a lot of havoc on your Samsung Galaxy S3, the biggest concern being the availability to send out all of the information stored on your device. That means your contacts, messages, emails, passwords, and more can be accessed by the maliciously minded.
Literally days after the discovery of the Master Key bug, a Chinese firm called Android Security Squad discovered a similar exploit—Bug 9695860 (http://translate.google.com/translate?sl=cn&tl=en&js=n&hl=en&ie=UTF-8&u=http%3A%2F%2Fblog.sina.com.cn%2Fs%2Fblog_be6dacae0101bksm.html). While taking a different approach, the effects of this vulnerability are virtually the same as the Master Key bug.
Now that you know the danger, let's eliminate it!
Step 1: Make Sure You're Rooted
You cannot patch these bugs unless you're rooted, so if you're not, check out my past guide (http://gs3.wonderhowto.com/how-to/easiest-way-possible-root-your-samsung-galaxy-s3-just-one-click-0145341/) for instructions.
Step 2: Make Sure Unknown Sources Is Checked
By now, this should be a given for any softModder, but just in case you've turned it off, make sure to enabled Unknown sources by going to Menu -> Settings -> Security.
Step 3: Install the Xposed Framework
Previously, I covered installing the Xposed Framework onto the Samsung Galaxy S4 (http://gs4.wonderhowto.com/how-to/get-70-softmods-your-samsung-galaxy-s4-for-no-fuss-customization-your-fingertips-0147109/), and the process is the same for every Android device, including our GS3s—and it couldn't be simpler.
Download and install the Xposed Framework APK (http://forum.xda-developers.com/attachment.php?attachmentid=1957219&d=1368387321) onto your device.
Open up the app and select Install/Update to ensure you're on the latest version.
Reboot your device.
Step 4: Install Master Key Dual Fix
App developer tungstwenty (http://forum.xda-developers.com/member.php?u=4322181) created Master Key Dual Fix (https://play.google.com/store/apps/details?id=tungstwenty.xposed.masterkeydualfix) to simply and easily patch these two potentially dangerous bugs. Now that you have the Xposed Framework installed and up to date, just download Master Key Dual Fix from Google Play (https://play.google.com/store/apps/details?id=tungstwenty.xposed.masterkeydualfix) and install like any other app.
End Copy Paste
Help me sharing! https://copy.com/?r=zOEhNk - Clear 15GB of cloud storage and...
Karma
Devvie
~~~ notemail@facebook.com ~~~
Conare nullius momenti videri fortasse missilibus careant
——
All spelling mistakes are my own and may only be distributed under the GNU General Public License! – (© 95-1 by Coredump; 2-013 by DevNullius)
Posted By Faisal Hussain Faisal Hussain, yesterday
A few weeks ago, Bluebox Security uncovered a bug that could potentially effect 99% of Android devices. Bug 8219321 (http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/), dubbed the Master Key bug, works by allowing applications with modified code to pass Android's signature verification system, thereby bypassing security measures that normally wouldn't allow these apps to be installed.
How does this effect you? Well, modified apps can cause a lot of havoc on your Samsung Galaxy S3, the biggest concern being the availability to send out all of the information stored on your device. That means your contacts, messages, emails, passwords, and more can be accessed by the maliciously minded.
Literally days after the discovery of the Master Key bug, a Chinese firm called Android Security Squad discovered a similar exploit—Bug 9695860 (http://translate.google.com/translate?sl=cn&tl=en&js=n&hl=en&ie=UTF-8&u=http%3A%2F%2Fblog.sina.com.cn%2Fs%2Fblog_be6dacae0101bksm.html). While taking a different approach, the effects of this vulnerability are virtually the same as the Master Key bug.
Now that you know the danger, let's eliminate it!
Step 1: Make Sure You're Rooted
You cannot patch these bugs unless you're rooted, so if you're not, check out my past guide (http://gs3.wonderhowto.com/how-to/easiest-way-possible-root-your-samsung-galaxy-s3-just-one-click-0145341/) for instructions.
Step 2: Make Sure Unknown Sources Is Checked
By now, this should be a given for any softModder, but just in case you've turned it off, make sure to enabled Unknown sources by going to Menu -> Settings -> Security.
Step 3: Install the Xposed Framework
Previously, I covered installing the Xposed Framework onto the Samsung Galaxy S4 (http://gs4.wonderhowto.com/how-to/get-70-softmods-your-samsung-galaxy-s4-for-no-fuss-customization-your-fingertips-0147109/), and the process is the same for every Android device, including our GS3s—and it couldn't be simpler.
Download and install the Xposed Framework APK (http://forum.xda-developers.com/attachment.php?attachmentid=1957219&d=1368387321) onto your device.
Open up the app and select Install/Update to ensure you're on the latest version.
Reboot your device.
Step 4: Install Master Key Dual Fix
App developer tungstwenty (http://forum.xda-developers.com/member.php?u=4322181) created Master Key Dual Fix (https://play.google.com/store/apps/details?id=tungstwenty.xposed.masterkeydualfix) to simply and easily patch these two potentially dangerous bugs. Now that you have the Xposed Framework installed and up to date, just download Master Key Dual Fix from Google Play (https://play.google.com/store/apps/details?id=tungstwenty.xposed.masterkeydualfix) and install like any other app.
End Copy Paste
Help me sharing! https://copy.com/?r=zOEhNk - Clear 15GB of cloud storage and...
Karma
Devvie
~~~ notemail@facebook.com ~~~
Conare nullius momenti videri fortasse missilibus careant
——
All spelling mistakes are my own and may only be distributed under the GNU General Public License! – (© 95-1 by Coredump; 2-013 by DevNullius)