An important security issue on Ubuntu phone that has been revealed this morning has been fixed by the Canonical team. This is the first major issue revealed on Ubuntu Touch, and the developers have been quick to repair it.
Earlier today, a user from the Ubuntu community noticed a weird application in the store that could change the boot splash of Ubuntu. That was done through a vulnerability that gave the intruder root access to the phone. The developers from Canonical were quick to respond to the problem, and in just a few hours, it found and fixed the problem. Such vulnerabilities are extremely important, especially since the application could have been much damaging.
From the looks of it, the application used a previously unknown bug in the application installation system. “Upon clicking the “Tap me” button in the app, a script was created that modified the boot splash screen and gave the intruder root access. This could happen only on Ubuntu Phones; users of Ubuntu on the desktop, server, cloud and snappy Ubuntu Core devices are not affected,” reads the official security notification.
This vulnerability is a wake-up call
The Ubuntu devs are saying that security is their main goal, but they didn’t have to deal with this kind of behavior until now. App confinement has been one of their main bragging points, and it didn’t work. They found the problem and fixed it, but this is bound to happen again, or at least people will mostly likely try to get things past the guardians.
The Ubuntu App Store has a number of tools in place that should check for this kind of problem, but the intruder managed to bypass them. The problems with the Store have also been fixed, but now the developers will have to take a closer look at the code and see if some other problems are hiding.
Via Softpedia