There is a race condition bug in the Sprite Software backup application installed on at least 40 LG Android devices, a security researcher said.

The vulnerability could end up exploited by a local attacker to execute arbitrary code as the root user.

Ransomware Attacks Android Devices
Ransomware that Steals Passwords
Ransomware Encrypts Data
Ransomware Uses Java Zero Day

The issue impacts devices running version 1.3.24 of “spritebud,” the service that performs the backup/restore actions, and version 2.5.4105 of “backup,” the user front end app, said Justin Case of CunningLogic. However, it’s likely that other versions suffer from the issue as well.

The exploit depends on a crafted backup file that allows the attacker to write to, change permission, and change ownership of any file.

Schneider Bold

LG, Google, and Sprite Software are aware of the vulnerability and a patch for the issue will release soon.

Pin It on Pinterest

Share This