The latest CyanogenMod update has come available. This update will bring your handset up to version 10.1.1, but instead of arriving with a changelog full of new features, this one arrived with a few key bug fixes. More specifically, some security related bug fixes -- including a fix for the "Master Key" exploit that has recently been brought to light by Bluebox Security.
This CM10.1.1 update will fix the Master Key exploit, which is also known as bug 8219321. And in addition to this being fixed in CM10, this issue was also patched for those using CM9 and CM7. The other items in the CM10.1.1 update include the following;
- CVE-2013-2094 (Linux kernel exploit)
- CVE-2013-2596 (Qualcomm-specific exploit)
- CVE-2013-2597 (Qualcomm-specific exploit)
There was also mention of some unspecified "general device" bug fixes. Along with news of the update being available, the folks at CyanogenMod are encouraging users to update as soon as their respective build is available. A quick check of the Verizon Galaxy S III we have running CM10.1.0.3 shows the update as being available and ready. In fact, the update is being downloaded and installed as this post is being written.
While it is a bit early comment on any issues or side effects that may come as a result of this update, we can say that is has taken care of the "Master Key" issue. We ran the Bluebox security app and are now showing the the Patch Status as being Patched. Simply put, it looks like that is one less issue that CM users have to worry about moving forward.
That said, CyanogenMod users can navigate to the settings and then into About phone -> CyanogenMod updates and hit the refresh button in the upper right to look for the update.