CVE-2015-3833 and you

The past month has been dominated by highly publicized vulnerabilities such as ‘Stagefright’, ‘Certifi-gate’, and ‘Deserialization’, however the August wave of fixes also included many other fixes, one of which in particular we have received a lot of questions/complaints over.

CVE-2015-3833 affects Android 5.0 and higher, and is officially described as follows:

Mitigation bypass of restrictions on getRecentTasks()

A local application can reliably determine the foreground application, circumventing the getRecentTasks() restriction introduced in Android 5.0.
This is rated as a moderate severity vulnerability because it can allow a local app to access data normally protected by permissions with a “dangerous” protection level.

This particular patch was merged into CM sources on August 12th. As a result, apps that relied on attaining a list of running processes via the now plugged hole will fail to function properly. This includes (but is not limited to) apps like Greenify, FMR Memory cleaner, Zillow and System Panel [1]. Google’s AOSP r9 release also contains this fix, so most devices receiving a 5.0 or a 5.1 OTA update from manufacturers will also be impacted.

[1] System Panel’s author has put out an updated app that contains a workaround for the blockage.

How to know if you have an affected application

If you take a look at your logcat, apps that are blocked due to the vulnerability being addressed will show an error message with the contacts REAL_GET_TASKS. If you see this in your logs, you have an app that is affected by this protection mechanism.

Affected apps will need to implement workarounds as needed.

  • jwinstonsf

    The latest greenify seems to have addressed the problem.

  • miladmaz12

    The beta version?

  • Ankur

    so…any news on cm 12.1 snapshot? cyanogenmod said they should have it ready by the end of the month…

  • ciwrl

    I count 3 days left 😉

  • Ankur

    thanks for the reply! is it confirmed or not?

  • ciwrl


  • Portzblitz

    Thanks for the post, and for this stable update. Cheers.

  • jwinstonsf

    As a matter of fact, yes. The beta version.

  • Zachary Hinson

    Just curious, do you know when or if any new nightlies of CM12.1 will be posted for the Galaxy S6? (All variants)

  • Davide Brutti

    When Apple will release an Android based smartphone.

  • Zachary Hinson

    I’m serious. They’ve made cyanogenmod 12 for exynos powered phones before. I have complete faith in cyanogen to make it for the S6

  • Davide Brutti

    They’ve made a CM on Exynos devices before and that’s why they won’t support S6 and all its variants.

    If you want CM there are dozens of Qualcomm based supported devices.

  • Zachary Hinson

    So did you come onto the forums just to troll people? Do you know people who work on that team? They’d be losing a ton of people if they stop supporting exynos.

  • Davide Brutti

    They don’t earn money from us, so you are free to choose another ROM like they are free to NOT support Samsung which goes against the DEVs with its closed platform.

    No trolling, just presenting to you the picture of the real life, accept it.

    Why they hell they should go with a closed platform when Intel and Qualcomm are supporting the DEVs?

  • Zachary Hinson

    Yeah. I just went from nexus 5 to S6, so this is really, super upsetting.

  • Davide Brutti

    That’s why I took a Nexus 6 😉

  • Zachary Hinson

    So true. I just couldn’t do the 6 inch screen. I like 5 as my maximum.

  • miladmaz12

    Is the new messaging/filemanager design included?

  • Kudo

    I’ve install cm12.1 on my Samsung galaxy s2 GT-I9100G and everything is working find BUT just that i couldn’t install facebook app. Anyone know how to sovle this problem?

  • Stewved

    Ah, but did they specify which month? (LOL)

  • iron2000

    Anyway to pinpoint which is the affected app?

  • Stewved

    All of these vulnerabilities are precisely why CyanogenMod is such a great project; My Galaxy S2 (and my Galaxy S3 soon hopefully) are not updated in any way by Samsung, so it is great to be able to put a ROM on that does 😀

    As an S2(i9100) CM 12.1 Nightly user (maintained by the awesome Lysergic_Acid), I must have silently got this patch a fortnight ago 😀

    By the way, CM, Could you guys make the maintainers known somehow on the download part of the site? maybe optionally add a “donate” button for them similar to what happens on XDA? Maybe even build info and donate right into the CM OTA Update app 😀

  • VenuSux

    Okay that’s great. You have 3 more days for the stable versions to be out.

  • Pablo Pastore


  • _L33T_

    So… android m will be cyanogenmod 13 or 12.2 ?

  • Smurf X

    Or CM14? Anyway major releases and version/name letter changes are always worth of big number so it can´t be 12.2

  • Lucas de Eiroz ™

    It will be CM13, because M is the 13th letter of the alphabet. That’s the reason for all CM versions.

  • Shaheer

    It’s confirmed! I’m finally switching back to CyanogenMod! Thank u so much!

  • antonio cesar

    Version chances but desert dont = .X upgrade
    Desert changes = X. upgrade
    So will be cm13 even if M was just 5.2

  • toomanyrappers

    System Panel’s dev might want to rethink the current strategy. I have the app on the latest nightly and it is broken.

  • Julian Torres

    Will a android M os be added to the nexus 6 or something like that. I accidentally bricked my phone then somehow managed to put CM12 on it. Is there a way to put on stock android. I dont know how to do it on a computer. I know this is long but I would like to know.

  • Paulius Šileika

    So snaphshots will be back,or its just only temporarily till next CM version?

  • Michał M

    Why cm12.1 is still based on old aosp? When r9 is going to be merged into cm12.1 nightly?

  • Alessio

    And what about the jfltexx? Any snapshot for this device? Or anything?

  • TomoS

    Where is the final Snapshots for CM11? I’m waiting for GT-i9300

  • VenuSux

    Today’s the day

  • droopyar

    When it will be ready CM13 with Android 6.0 Marshmallow???? Source Code is public now

  • Smurf X

    This is the Day.

  • droopyar

    Waiting CM13 for latest 6.0 android!

  • Kirk Amvrosidis

    aaand that has been the end of the month. What were you expecting?

  • _L33T_

    Hm… It’s the first time I see that android names were taken alphabetically

  • Andy “CrossGate” Yan

    So this is the reason Advanced Task Killer Pro shows me blank face.
    But since that app is rarely, if ever, updated, I guess I’ll have to look for alternatives…

  • Salah Tazlok

    is Sony Z1 will get 12.1 snapshot ?

  • rko

    please support “lava iris x1″….as its been years no one has ever made
    cm rom for this device……there are huge population in india using
    this handset waiting for cyanogenmod rom….

  • Šhęïķ Ãfîýåş

    i has problem when updating phone with new nightly 420 version that the problem is it does not contain any of the google apps like playstore,playservices etc.