Lenovo Smartphones Vulnerable to Local Root Exploits, Patches Available

[Bot]

Lenovo has confirmed that VIBE smartphones are vulnerable to a local root exploit due to three different vulnerabilities, with patches already available for some, but not all of the affected models.

The company explains in an advisory that an attacker with physical access to the device can obtain root privileges if no security system is configured, such as a PIN or password. Once root privileges are obtained, the attacker can “modify the device’s operation and functionality in myriad ways,” the company explains.

Lenovo says that one of the vulnerabilities, namely CVE-2017-374, allows improper access controls on the nac_server component, which can be abused in conjunction with other vulnerabilities, including CVE-2017-3749 and CVE-2017-3750. This allows attackers to gain root access to the device and eventually root it to get full control.

Rooting a device isn’t obviously the end of the world... (read more)

Read more: Lenovo Smartphones Vulnerable to Local Root Exploits, Patches Available