PT-2014-3029 · Google · Android
Published: 2014-08-31 · Updated: 2014-09-02 · CVE-2013-6124
CVSS v2.0: 3.3 (Low)
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Android versions 4.1.x through 4.4.x
Description
The issue allows local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command. This can be demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file.
Recommendations
For Android versions 4.1.x through 4.4.x, consider restricting access to the sensor-settings file to prevent symlink attacks until a patch is available. As a temporary workaround, avoid using the chown or chmod commands on files that can be accessed by local users.
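The link-following weakness described above arises when a privileged process applies chmod or chown to a path name that a less privileged user can replace with a symlink. The following is an added example, not code from this advisory or from Android: it opens the file with O_NOFOLLOW, checks the opened object with fstat, and changes the mode through the descriptor with fchmod. The function names and the temporary paths are hypothetical and constructed for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: chmod that never follows a symlink at `path`.
 * Returns 0 on success, -1 with errno set on refusal or error. */
int chmod_nofollow(const char *path, mode_t mode)
{
    struct stat st;
    /* O_NOFOLLOW makes open() fail if the last component is a symlink;
     * O_NONBLOCK avoids hanging on a planted FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Inspect the object actually opened, not the name, and refuse
     * non-regular files and files with extra hard links. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    int rc = fchmod(fd, mode);   /* acts on the descriptor, no path lookup */
    close(fd);
    return rc;
}

/* Constructed demo in a private temp directory: a victim file plus a
 * symlink planted where a privileged script expects a settings file.
 * Returns 1 if the symlink is refused and the victim's mode is unchanged. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/linkdemoXXXXXX", victim[64], lnk[64];
    struct stat before, after;
    if (!mkdtemp(dir)) return 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/sensor-settings", dir);
    int fd = open(victim, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(victim, lnk) != 0) return 0;
    stat(victim, &before);
    int refused = chmod_nofollow(lnk, 0666) == -1;
    stat(victim, &after);
    int direct_ok = chmod_nofollow(victim, 0640) == 0;
    unlink(lnk); unlink(victim); rmdir(dir);
    return refused && direct_ok && before.st_mode == after.st_mode;
}
```

O_NOFOLLOW only guards the final path component, so the containing directory must also not be writable by untrusted users.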
Fix
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
Android