Android Vulnerabilities in Lenovo Vibe Allow Jailbreaking – Infosecurity Magazine

According to a Levono advisory, the first vulnerability, CVE-2017-3748, consists of improper access controls on the nac_server component, which can be abused in combination with the remaining two bugs to elevate privileges to root user. The other bugs, CVE-2017-3749 and CVE-2017-3750, are found in the Idea Friend Android application and The Lenovo Security Android application, respectively. These vulnerabilities allow users (or attackers with access) to back up and restore private data via Android Debug Bridge (ADB)—a feature that can be abused in conjunction with the other bugs to elevate privileges.

Click here to view original web page at www.infosecurity-magazine.com

Categories:

Your e-mail address will not be published.
Required fields are marked*