Update:CM team has released CyanogenMod 10.1.2 build containing a fix for a new apk-level issue in Android that was identified on Thursday. Updated builds have already started coming out and can be grabbed from get.cm or CM Updater.
Google has also patched the AOSP source code.
“Some of you may have noticed some details emerging yesterday about a new apk-level issue in Android (bug 9695860) . Google has already released a patch for it, so 10.1.2 is a minor upgrade on top of 10.1.1 to add that change.
Even though it’s minor, all users running 10.1.0.x or 10.1.1 are advised to upgrade,” CM team noted in a Google+ post.
Earlier: CyanogenMod team released a minor CM 10.1.1 build for over 40 devices late-Wednesday. The latest build comes with patches for multiple known exploits that we have been hearing about in the last few days including the master key bug.
“Given all the Android security topics in the news, we thought it prudent to issue a follow-up to the 10.1.0 general release, incorporating patches for various vulnerabilities that have since been identified,” CM team noted in a blog post.
CM 10.1.1 Changelog
- Bug 8219321 aka “MasterKey” exploit (also patched in CM 7 and CM 9 source)
- CVE-2013-2094 (Linux kernel exploit)
- CVE-2013-2596 (Qualcomm-specific exploit)
- CVE-2013-2597 (Qualcomm-specific exploit)
- General device bug-fixes
The updated build can be downloaded from get.cm or via CM Updater on your CM 10.1.0 running devices. The team has also added the patches in CM 7 and CM 9 sources, so chances are that your old devices, which do not have access to CM 10.1, might be a quick CM 7 or CM 9 build containing these patches.