CVE-2023-46139

Summary

CVE-2023-46139 is a vulnerability affecting KernelSU, a kernel-level root solution for Android devices. In versions 0.6.1 and prior to 0.7.0, if a device with KernelSU is infected with malware with a manipulated app signing block, the malware can gain root privileges. The issue arises due to a flawed signature verification logic in KernelSU, which incorrectly identifies signatures based on their location within the block. attackers can exploit this by downgrading or upgrading the signature, leading KernelSU to mistakenly believe it is a certain version, while the actual signature used for APK verification differs. This vulnerability has been addressed in version 0.7.0. Users can mitigate the risk by keeping the KernelSU manager installed and avoiding installation of unknown apps.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.