CopperheadOS's OpenBSD malloc port uncovered a use-after-free in Android's fancy new over-the-air update sorcery: https://android-review.googlesource.com/#/c/196090/ .
@CopperheadSec Thanks. I expect that they will eventually merge the ChromiumOS and Android updaters. I don't know why they haven't already.
@BRIAN_____ Basically, the uncrypt tool mangles the file and sets up the necessary magic for the recovery to read the update from /data.
@BRIAN_____ So it's done in place without the recovery needing to mount /data, as it's encrypted and they wouldn't want to prompt the user.
@BRIAN_____ The source seems to be the only form of documentation for the internal details like the uncrypt magic: https://android.googlesource.com/platform/bootable/recovery/+/master ….
@BRIAN_____ The other strange part is the tooling for generating recovery.img from boot.img and writing it out on the first updated OS boot.