We all know that rooting your Android carries with it a certain level of risk. Once that door is opened, though, we try to mitigate any impact by using superuser apps that act as bouncers, only granting that high-clearance access to apps deemed necessary by us, the users. At least, that’s how we expect them to work, but a number of vulnerabilities have recently been uncovered in some very popular superuser apps, potentially allowing malicious software to sidestep the protections they offer.
Affected apps include the ChainsDD Superuser, the Koush Superuser, and older versions of Chainfire SuperSU. SuperSU has already been updated to secure itself against these exploits, and the Koush Superuser is mostly fixed, with just one of several bugs still outstanding. The ChainsDD Superuser, on the other hand, isn’t expected to be updated at all, and its users should probably switch to a different superuser app.
If you’re interested in keeping your device safe – especially now that these exploits have been made public – make sure you’re on the very latest version of your superuser app, and maybe even consider using SuperSU until the Koush Superuser is 100% fixed.