Jump to content


Photo

Heartbleed and the Y300


  • Please log in to reply
2 replies to this topic

#1
RedNick

RedNick

    Newbie

  • Members
  • Pip
  • 16 posts
  • Devices:(not so) Orange San Fran

I know that it is obviously more productive to target servers and therefore individual devices are unlikely to be attacked.  All the same, devices running 4.1.1 (and therefore any stock-based ROM) are vulnerable to this flaw.

 

Is there a known way to update the OpenSSL libraries in a stock ROM with secured versions?  Otherwise, it would appear that Huawei have slated 10-5-14 as a release date for a fixed B197 stock ROM.  Can those with dev experience clarify if it will be possible to replace OpenSSL with, say a CWM-flashable zip, on existing ROMs, using the version from the new stock ROM, once it is released?

 

 


  • 0

#2
SH3H1

SH3H1

    Hardcore

  • Members
  • PipPipPipPipPipPip
  • 1,220 posts
  • Gender:Male
  • Devices:Huawei Ascend Y300-0100
There is a heartbleed fix wich is working on fusionX (i tested :D )
I think it will work on all stock based ROMs

  • 0

#3
moddingg33k

moddingg33k

    Addict

  • Members
  • PipPipPipPipPip
  • 561 posts
  • Gender:Not Telling

You could extract any libssl.so (located on your device @  /system/lib/ ) from an 4.1.2 ROM of your choice, like CM10 for example. Take a look @this. Someone extracted the libssl.so already and prepared an updater ZIP: https://www.dropbox....stall-patch.zip

 

It's up to you wheather you extract the file on your own from any ROM or if you trust that guy's file.


  • 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users