Last week it was discovered that a number of ZTE Android mobile phones had a security hole. Specifically, some phones contain a poorly protected setuid shell that can be used to gain elevated privileges – also known as ‘root’ access. This type of access allows an attacker full control over a device – which includes the ability to install or uninstall applications without notice and access to any sensitive personal information on a device.
The particular vulnerability appears to be limited to a single model distributed in the US – the ZTE Score M.
Mobile security experts, Lookout, advises that people with this phone should be particularly careful in regards to the apps they download and websites they visit until they get the security patch from ZTE. As soon as ZTE makes the patch available, people with this phone should download it immediately.
For more information about this security threat, read the Lookout blog:http://blog.mylookout.com/blog/2012/05/21/zte-security-vulnerability/.
This vulnerability has been confirmed by ZTE who are currently working on a patch.