Towelroot uses the Futex vuln disclosed June 2, 2014. There's been a running bet on who would be the first to roll this bug into a one-click root for Android
Right, I was just going to post that -- it's CVE-2014-3153, why is the article claiming "Towelroot is based on an hardware exploit, so it could not be fixed with a software update."?
Edit: this looks like a pretty bad vulnerability for samsung owners (or all android devices with an unpatched kernel) - any app could silently root your phone?
Confirmed it to be mostly working on a Nexus 4 running 4.4.3. Only issue I'm having is that it won't let me update the supersu binary properly but other than that it works. I just got back App Ops with it.
Why do you even need to root a Nexus 4? It just lets you unlock / root it out of the box with no more effort than plugging in a usb cable and installing fastboot/adb.
10 comments
[ 3.1 ms ] story [ 26.0 ms ] threadTowelroot uses the Futex vuln disclosed June 2, 2014. There's been a running bet on who would be the first to roll this bug into a one-click root for Android
Edit: this looks like a pretty bad vulnerability for samsung owners (or all android devices with an unpatched kernel) - any app could silently root your phone?