This vulnerability can cause around 10 million CyanogenMod ROM users to be exposed to man-in-the-middle (MitM) attacks.

CyanogenMod ROM

CyanogenMod ROM is an open source operating system for Android smartphones and tablets.

It gives Android users root access, which Google's proprietary operating system otherwise denies.

CyanogenMod ROM zero-day vulnerability to man-in-the-middle attack

This in turn lets users tweak and trick the smartphone to behave exactly as the user wants it.

A simple example is a user opening a banking website and communicating with the banking server.

For a MitM attack to succeed, both communicating parties, i.e. your PC and the banking website, have to be satisfied about mutual authenticity.

This is done through certificates that your machine and the banking servers communicate and verify.

A false certification approval by the website can open the door to MitM attacks.

The problem was that these certificates were vulnerable to an older bug and were later patched by Oracle.

However, the CyanogenMod developer team still used the old unpatched certificates.

It was researched further in February this year.

source: www.techworm.net