PT-2014-3195 · Koush+3 · Koush Superuser+3
Published: 2014-03-30 · Updated: 2014-03-31 · CVE-2013-6768
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
CyanogenMod/ClockWorkMod/Koush Superuser package version 1.0.2.1
CyanogenMod/ClockWorkMod/Koush Superuser package versions prior to 1.0.2.1 for Android 4.2.x and earlier
Description
The issue allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process.
Recommendations
For version 1.0.2.1, update to a newer version to mitigate the risk.
For versions prior to 1.0.2.1, update to a newer version to mitigate the risk.
As a temporary workaround, consider restricting the use of the PATH environment variable to minimize the risk of exploitation.
Exploit
Fix
Path traversal
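The description and workaround above come down to one rule for a privileged launcher: never let the caller's PATH decide which binary runs. The sketch below is an added example, not code from the Superuser package; the function names, the trusted directories and the helper location are assumptions chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define TRUSTED_PATH "/system/bin:/system/xbin"   /* assumed trusted dirs */
#define HELPER       "/system/bin/app_process"    /* assumed helper location */

/* Accept only an absolute path directly under a trusted directory, with no
 * ".." component, so a bare name is never resolved through PATH. */
int is_trusted_target(const char *p)
{
    static const char *dirs[] = { "/system/bin/", "/system/xbin/" };
    size_t n, i;

    if (p == NULL || p[0] != '/' || strstr(p, "/../") != NULL)
        return 0;
    n = strlen(p);
    if (n >= 3 && strcmp(p + n - 3, "/..") == 0)
        return 0;
    for (i = 0; i < sizeof dirs / sizeof dirs[0]; i++) {
        size_t dl = strlen(dirs[i]);
        if (strncmp(p, dirs[i], dl) == 0 && p[dl] != '\0')
            return 1;
    }
    return 0;
}

/* Discard the inherited PATH and pin a fixed value. Returns 0 on success. */
int pin_path(void)
{
    return setenv("PATH", TRUSTED_PATH, 1);
}

/* Validate the target, pin PATH, then use execv (no PATH search) instead of
 * execvp or system(). Returns -1 if the target is refused or exec fails. */
int launch_helper(const char *target, char *const argv[])
{
    if (!is_trusted_target(target) || pin_path() != 0)
        return -1;
    execv(target, argv);
    return -1; /* reached only when execv itself failed */
}

int main(void)
{
    char *const av[] = { "app_process", NULL };
    return launch_helper(HELPER, av) == -1;
}
```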
Weakness Enumeration
Related Identifiers
Affected Products
Android
Clockworkmod
Cyanogenmod
Koush Superuser