Download >>> https://byltly.com/281nk2
An exploit is a programming weakness in the system, and this one allows malicious actors to take control of devices with vulnerable systems. The researcher reported that they have zte mf6xx exploit which can be used on over 100 million devices across the world. The main goal of Android is to provide users with a more open and flexible experience, featuring a large app ecosystem as well as supporting customizable personalization from themes to widgets. However, it also comes with a huge security risk for those who might not be aware of how the operating system works on their phone or who blindly depend on Google's built-in security features. The researcher released a video showing exploitation of the vulnerability and read: “I am releasing the full exploitation chain which includes a novel still unpatched remote code execution (RCE) bug in ZTE MF622, MF627 and probably other ZTE models, combined with two known privilege escalation exploits to achieve root access. The root exploit used here is based on CVE-2013-6282 (originally discovered by flar2). I found this bug to be remotely exploitable by default and without any special configuration.” The researcher also created an exploit demo video: ZTE has quickly responded to the vulnerability and released a patch for it to its customers. The researchers have made the exploit source code freely available on his Github page which also contains an up-to-date list of affected devices. AT&T has released a security advisory regarding the vulnerability.ARTICLE END This vulnerability poses a serious threat to the Android community as it is easily exploitable and affects ZTE phones running Android versions above 4.1 Jelly Bean, which is installed on majority of devices, across the world. The exploit can be used by malicious actors to hijack your phone and steal your personal information like credit card details, login credentials, etc. It even allows criminals to take control of your phone with all permissions enabled without any alert or notification to the user about their actions. The researcher has provided a guide on how users can protect themselves from this vulnerability here. "These are guidelines on how to protect yourself from this vulnerability. Do not root your device. Never trust a ZTE firmware file provided by a third party, even if it is accompanied by a rooting tool." ZTE mf6xx_exploit+root_CVE-2013-6282.zip (exploitation demo) zte_mf6xx_exploit+root_CVE-2013-6282. zip (exploitation demo) This advisory has been updated with the following text... "If you are on any of the following devices, please update your ZTE firmware as soon as possible by visiting https://www.zteusa.com/aboutus/softwareupdates." Here is the full advisory: The Chinese company ZTE has released a patch for this vulnerability via their official website. It can be applied to devices running Android versions below 4.1 Jelly Bean. For any device running higher versions of Android, please visit ZTE's official website for an immediate solution. cfa1e77820
Comments