Moto G4 and Moto G5 ABOOT Vulnerability Grants a Root Shell, Patched in May’s Security Update
It seems that the Android Bootloader on select Motorola devices is vulnerable to a kernel command-line injection attack. This initroot attack was first discovered by just last month when they announced it for the Nexus 6 smartphone. They assumed this attack was possible on other Motorola devices but hadn’t done any additional tests at the time. They were then contacted by a few people within the community and they were able to affirm their suspicion.
It was suggested to them that both the Moto G4 as well as the Moto G5 were both vulnerable to this kernel command-line injection attack. They went out and acquired these two devices and have since confirmed that the Android Bootloader (ABOOT) on these devices were indeed vulnerable to this same attack that they announced just last month (CVE-2016-10277). The only differences were that it required they port initroot to these two devices.
via Blogger http://ift.tt/2t0bQNn