13
Nov

If you're a root user, listen up. Chainfire updated SuperSU to v1.69 as of last night, which fixes two exploits that could allow an attacker to leverage root privileges without first prompting the user. Probably nothing to get overly anxious about, but it's definitely a good idea to make sure you're running the latest. Details of these exploits will be released next Monday, so you'll want to grab the update before then.


Fortunately, this one's pretty easy – just install the update from the Play Store and you're covered; no need to flash anything.

This update also includes a handful of other fixes and things:

Changelog
- XBIN mode (some new roots need this)
- Slightly adjusted binary installer
- Backup script installation now available for all backuptool-capable ROMs
- Fixed su-ing to a non-root user not working on some 4.3+ firmwares
- Fixed BOOTCLASSPATH vulnerability (CVE-2013-6774)
- Fixed notification sanitization vulnerability (CVE-2013-6775)
- Fixed possible closed special files vulnerability
- Updated language files

The update is already live in the Play Store, so make sure to pull it down as soon as you can.

+Chainfire

Cameron Summerson

  • lebel

    SuperSU shouldn't be closed-source. At least, its su binary. So, people could audit its code.

    • ReturnOfTheMack

      Well that's why Koush built his own SuperUser app.

      • Nick

        I think you have that backwards. SuperUser was around before SuperSU. Or maybe I have it backwards... hmmm...

        • jazzruby
        • akshay7394

          Different SuperUser apps if I'm not wrong

          Koush's eventually got baked into CM as well

        • ReturnOfTheMack

          The superuser app built by ChainsDD has been around for a while but Koush built his SuperUser app after SuperSU came out because he felt the need for an open source superuser app.

          • jazzruby

            Koush built his first Superuser back in Jan 2009 (see my post/link below) and posted it at Google Project. His GitHub Superuser project is his current one and was released after SuperSU.

    • Justin Case

      Koush's seems vuln to the same attack, and it is opensource.... Numerous vulns have been found in the opensource Superuser apps as well. At least chainfire updates in a timely manner.

    • T

      Wasn't SuperSU released as an alternative to Superuser?

      • Nick

        Yes. I think I figured out the confusion. There were 2 iterations of Superuser. The ORIGINAL Superuser was from ChainsDD. For whatever reason ChainsDD stopped updating it and it became horribly glitchy with each new iteration of Android (I specifically remember this on my Nexus One). So, Chainfire came to the rescue and built SuperSU which was awesomesauce. Then Koush, not liking that SuperSU was closed source, took it upon himself to update Superuser and make it functioning again. Whew, I think I got it!

        • shabbypenguin

          chainsdd is currently deployed and thus unable to work on it.

  • Aaron Stevens

    Is updating it from Play Store enough though? This doesn't update the actual SU binary, which you're prompted to do when opening SuperSU.

    • Alberto

      You can update binary inside the app

  • febLey

    The app icon is still very ugly >_<

    • http://blog.tonysarju.com/ Tony Sarju

      You can change it from within the app.

    • Mark

      You can change it...

  • mma173

    I wonder what Android would be like without devs like Chainfire.

  • http://the-jade-domain.com Jaime J. Denizard

    I wonder why you can't update the su binary inside of Koush's Superuser app. It's so annoying that it depends on a custom recovery because I choose to not run with a custom recovery on my Nexus devices.