Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43434
  • Total Topics: 16528
  • Online today: 3056
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 3
Guests: 2945
Total: 2948









Author Topic: Xposed Framework APK aka How to Patch the Latest Android "Master Key" Bug  (Read 3950 times)

0 Members and 1 Guest are viewing this topic.

devnullius

  • SCF VIP Member
  • *****
  • Posts: 3614
  • KARMA: 157
  • Gender: Female
    • SCForum.info
Copy Paste FROM: http://gs3.wonderhowto.com/how-to/patch-latest-android-master-key-bugs-your-samsung-galaxy-s3-0147960/

Posted By Faisal Hussain Faisal Hussain, yesterday

A few weeks ago, Bluebox Security uncovered a bug that could potentially effect 99% of Android devices. Bug 8219321 (http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/), dubbed the Master Key bug, works by allowing applications with modified code to pass Android's signature verification system, thereby bypassing security measures that normally wouldn't allow these apps to be installed.

How does this effect you? Well, modified apps can cause a lot of havoc on your Samsung Galaxy S3, the biggest concern being the availability to send out all of the information stored on your device. That means your contacts, messages, emails, passwords, and more can be accessed by the maliciously minded.

Literally days after the discovery of the Master Key bug, a Chinese firm called Android Security Squad discovered a similar exploit—Bug 9695860 (http://translate.google.com/translate?sl=cn&tl=en&js=n&hl=en&ie=UTF-8&u=http%3A%2F%2Fblog.sina.com.cn%2Fs%2Fblog_be6dacae0101bksm.html). While taking a different approach, the effects of this vulnerability are virtually the same as the Master Key bug.

Now that you know the danger, let's eliminate it!


Step 1: Make Sure You're Rooted
You cannot patch these bugs unless you're rooted, so if you're not, check out my past guide (http://gs3.wonderhowto.com/how-to/easiest-way-possible-root-your-samsung-galaxy-s3-just-one-click-0145341/) for instructions.

Step 2: Make Sure Unknown Sources Is Checked
By now, this should be a given for any softModder, but just in case you've turned it off, make sure to enabled Unknown sources by going to Menu -> Settings -> Security.

Step 3: Install the Xposed Framework
Previously, I covered installing the Xposed Framework onto the Samsung Galaxy S4 (http://gs4.wonderhowto.com/how-to/get-70-softmods-your-samsung-galaxy-s4-for-no-fuss-customization-your-fingertips-0147109/), and the process is the same for every Android device, including our GS3s—and it couldn't be simpler.

Download and install the Xposed Framework APK (http://forum.xda-developers.com/attachment.php?attachmentid=1957219&d=1368387321) onto your device.
Open up the app and select Install/Update to ensure you're on the latest version.
Reboot your device.

Step 4: Install Master Key Dual Fix
App developer tungstwenty (http://forum.xda-developers.com/member.php?u=4322181) created Master Key Dual Fix (https://play.google.com/store/apps/details?id=tungstwenty.xposed.masterkeydualfix) to simply and easily patch these two potentially dangerous bugs. Now that you have the Xposed Framework installed and up to date, just download Master Key Dual Fix from Google Play (https://play.google.com/store/apps/details?id=tungstwenty.xposed.masterkeydualfix) and install like any other app.

End Copy Paste

Help me sharing! https://copy.com/?r=zOEhNk - Clear 15GB of cloud storage and... 

Karma

Devvie


~~~ notemail@facebook.com ~~~

Conare nullius momenti videri fortasse missilibus careant
——
All spelling mistakes are my own and may only be distributed under the GNU General Public License! – (© 95-1 by Coredump; 2-013 by DevNullius)
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023