In Response to The Register “MITM” Article

On Monday, The Register put out an article reporting that CyanogenMod was open to a Man-in-the-middle (MITM) attack via a “0-day” vulnerability relating to a SSL vulnerability in Android’s JSSE from 2 years ago.

There are a number of issues we could point out regarding the nature of this report – the least of which was the lack of contact regarding this topic prior to publishing. Our followup request to the author for direct references to his claims (or a retraction) has gone unanswered, so we are left to refute this article on our own. This is odd as The Register has historically had good messaging with respect to CM, but mistakes happen.

First, JSSE is not used in Android 4.4, which would mean any vulnerability would be applicable to Android 4.3 or below only.

Second, CyanogenMod does not customize this particular level of code – meaning if such a vulnerability …

Read the Rest…

CyanogenMod 11.0 M11

Hot off the presses, the 11th M build of CM 11 is making its way to the download portal. With it comes the latest round of bug fixes, improvements and features to our Android 4.4.4 codebase. A high-level changelog is provided below – take a look!

For our nightly users, to avoid conflicts on taking this update please do not apply an M11 build on top of any nightly beyond September 30th, as that was when this code was branched for testing and verification prior to release.

M11 Changelog:

* New Devices: Galaxy S4 Active (jactivelte), Galaxy S4 SK I-9506 (ks01lte), Galaxy S5 GSM (klte), Galaxy Tab 10.1 (picassowifi), Galaxy Player 4.0 (ypg1) * Re-introduce Samsung Galaxy Relay 4G (apexqtmo) support  * Fix signal strength showing ’2147483647′ on certain devices * Frameworks & Core Apps: CAF and other upstream updates * Lockscreen: Do not play sounds while a phone call is active & MSIM …

Read the Rest…

CyanogenMod 11.0 M10 arrives

A little late due to the US holiday at the start of the month and some higher than average patches for review and acceptance, but none worse for the wear the M10 release of CM11 is upon us. The M10 code was branched on September 9th, with additional patches merged over the course of the last 6 days to fix identified gaps. A changelog is provided towards the end of this post.

As always, we are not infallible, and there may be items that we have not yet resolved (or know about). To help combat this issue and make things easier for you and us, we’ve introduced a new tool into the CM arsenal, the CM Bug Tracker application. Whenever you crash a system application, you will be prompted with an option to upload a snippet of a log to us – namely the actual crash reported by the system and the stacktrace that accompanies it …

Read the Rest…

Housekeeping: Sony Fusion3 and Moto msm8960dt

Another quick device update as our maintainers continue to improve the CM11 code branch. First the Sony fusion3 family of devices - Z, ZL ZR, Tablet Z – have all been updated to 4.4 Sony guts (10.5.A.0.230) and the latest from Sony’s GPL kernel source. This brings along with it a boost in performance over previous builds as things become optimized for Android 4.4.4.

The Motorola ‘moto_msm8960dt’ device variant is getting a rebranding to be simply known as ‘ghost’ – encompassing all previously supported variants of the Moto X (1st gen) device. Notably, however, we are officially dropping support for the ‘obake’ device (Moto Droid Maxx Dev Edition) moving forward. This change is in effect starting tonight. Existing Moto X users on the former ‘moto_msm8960dt’ device can update to ‘ghost’ builds without wiping. The obake support is officially being retired due to lack of a maintainer (and poor sales of the platform in general).

The CM11 …

Read the Rest…

PSA: Note 3 Devices and variants update

Starting with tonight’s nightlies, the Note 3 Qualcomm variants (collectively known as the HTLE device) are being split into 3 devices: ‘hlte’ for all GSM users, ‘hltespr’ for users of the Sprint version, and ‘hltevzw’ for users of the Verizon version. This divergence of the device is being driven by QMI and other incompatibilities between the platform, thus preventing a ‘unified’ device from working as well as we’d like.

Important: You must manually make sure you update to an appropriate build after today’s date. You cannot continue to flash the hlte build on top of your Verizon or Sprint Note 3 (GSM users are fine).

Due to how the devices report themselves to recovery, while we can place some guards in to lessen the issue, you will most likely not be blocked from installing incompatible builds – so you must be take a first step action to make sure you update appropriately. Once you are …

Read the Rest…

PSA: Device Updates – M9, Jewel and Moto

With the release of CM11 M9 over the weekend, this is a perfect opportunity to touch base on a couple of device support related items, and information that may be relevant to many of you.

Device status roster

One of the more common questions asked after every M-release is with regards to the status of any one particular device in general – usually one that missed the M release mark. To help give you a central place to  check up on this information, we’ve created the Device Status page on our wiki. This page will be updated alongside each monthly release to include an assessment of currently supported devices and what (if any) reasons prevented its release for that particular month. This can be simply because of time constraints for your maintainers or something more severe such as known blockers and bugs.

Jewel

Some of you may have noticed that jewel was pulled from …

Read the Rest…