14 comments

[ 0.19 ms ] story [ 58.6 ms ] thread
X-Ray author here, happy to answer any questions folks have!
Why haven't you published this to the Google Play store?
We'd love to be able to publish it in the Play Store, but we were informed by Google that the terms of service disallow any apps that check for vulnerabilities, despite X-Ray's good intentions.

It's a weird distinction that they allow AV-like apps, but not vulnerability assessment apps.

Galaxy Nexus running CM9 RC1 is vulnerable to Mempodroid :(
CM9 RC1 is supposed to be running 4.0.4, right? Shouldn't that have been patched already? Though it also appears they have some bigger issues, like everything you type going out to the debug logs, passwords included.

You should report this on their issue tracker: http://code.google.com/p/cyanogenmod/issues/list

If anyone can quickly point me at the CM9 kernel source, I can verify whether or not this is actually patched.

The vulnerability is looking checking to see if the mem_write() function is functional (where the vulnerability was present), which was removed/disabled by upstream AOSP.

Running an older CM7 build on my evo4g, vulnerable to ZurgRush :(
Grab the latest of JMZTaylor's unofficial CM9 nightlies! They are very stable and a huge upgrade from CM7 on my original Evo.
I'll check that out after work today. I was hoping I wouldn't have to ditch CM to get ICS
Ran it on Verizon Galaxy Nexus (4.0.4) and it appears everything is patched. Now if they would just get me Jellybean, I would be a really happy camper...
Samsung S2 here (running latest update to ICS). All patched, no vulns. I'm actually a little disappointed in a way :-P
Motorola Droid Bionic, running latest official carrier update, vulnerable to Gingerbreak :-\",