14 DAY TRIAL // Justin Case of CunningLogic has identified a race condition bug in the Sprite Software backup application installed on at least 40 LG Android devices. The vulnerability can be exploited by a local attacker to execute arbitrary code as the root user.
The issue impacts devices running version 1.3.24 of “spritebud,” the service that performs the backup/restore actions, and version 2.5.4105 of “backup,” the user front end app. However, it’s likely that other versions are impacted as well.
The exploit depends on a crafted backup file that allows the attacker to write to, change permission, and change ownership of any file.
According to Heise, the vulnerability has been reported to LG, Google, and Sprite Software. A patch for the issue will be rolled out soon.
Additional technical details of the exploit are available here.