A few days ago, Jon Larimer and Jon Oberheide published a vulnerability for Android platforms < 2.3.6. David Maciejak and I were curious to run it on an Android phone.
Result: it runs perfectly :(
So, what is this to us?
Well, it’s a new way to root Android phones running 2.3.4. We already had exploits for that on versions prior to 2.1 or 2.2 (the uDev and rageinthecage exploits), or prior to 2.3.4 or 3.0 (gingerbreak/honeybomb), but nothing in between for 2.3.4/2.3.5.
And because rooting a phone is particularly valued by malware authors, it’s important to us. For example, malware likes to silently download and install other packages, but this requires root privileges. This is why trojans such as Android/DroidKungFu.A!tr initially try to root the phone with an exploit. We were used to looking for rageinthecage binaries; now we'll have to keep an eye on levitator...
-- the Crypto Girl