3 comments

[ 3.2 ms ] story [ 17.4 ms ] thread
The author goes into the weeds on the vulnerabilities that can be left following some rooting methods. All to the good.

Meanwhile, it's non-rooted phones that get endlessly compromised

    by state sponsored cellbright attacks (LEO),
    by blackhatted Israeli exploitive malware platforms
    and from an endless array of general crapware, much 
     of it from handset manufacturers, wireless carriers and 
     their bloatware affiliates.
All that said, the article really does go into detail. I know enough to follow along but probably not enough to spot issues (if there are any).
Would be much easier to work against such vulnerabilities if rooting was officially sanctioned and actual resources could be put towards making it a viable and secure option, rather than taking away the power from the user for the device they purchased.
This latest test is related to rooting framework KernelSU. Sinilar vulnerabilities were found earlier in other rooting frameworks such as APatch , SKRoot, etc. The vulnerability results in gaining root access and escalated privileges.