HuskyDG / magisk-files

Please Apply This Security Vuln Fix #163

Open VendorAttestation opened 2 months ago

VendorAttestation commented 2 months ago

https://github.com/topjohnwu/Magisk/commit/c2eb6039579b8a2fb1e11a753cea7662c07bec02

Else people can gain root access by spoofing the name and not being a system app and exploit this system, see (https://t.me/CanyieChannel/229)

SevastianGit commented 2 months ago

The security vuln fix is apparently included in the latest Magisk Canary release 27007.

BakaCookie520 commented 2 months ago

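Kitsune Mask hasn't been updated in a long time. Was it affected by the earlier public controversy? But its hiding works well and it can be used just by turning on a few switches, so I don't want to give it up.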

VendorAttestation commented 2 months ago

Kitsune Mask hasn't been updated for a long time. Is it affected by the previous public opinion? But it is well hidden and can be used by turning on a few switches. I don't want to give up.

You can't disable the vuln, sadly. If your phone is non-GMS, you can be exploited at any time.

automorphism88 commented 1 month ago

I cherry-picked the fix commit from the official topjohnwu Magisk linked in the OP on top of the most recent version in this repo.

It appears to have worked. It compiled fine, it installed successfully on GrapheneOS, and root works. The only thing I'm unsure about is whether the vulnerability was actually fixed. I'd be happy to create a PR, that could hopefully close this issue, but would be nice to confirm that the fix actually works first. I'm not sure if there is a proof-of-concept somewhere for this vulnerability that could be used for testing.

BakaCookie520 commented 1 month ago

I cherry-picked the fix commit from the official topjohnwu Magisk linked in the OP on top of the most recent version in this repo.

It appears to have worked. It compiled fine, it installed successfully on GrapheneOS, and root works. The only thing I'm unsure about is whether the vulnerability was actually fixed. I'd be happy to create a PR, that could hopefully close this issue, but would be nice to confirm that the fix actually works first. I'm not sure if there is a proof-of-concept somewhere for this vulnerability that could be used for testing.

Then you can absolutely submit a PR; whether it is fixed or not can simply be verified by users who are able to (?) Then you can submit a PR, is there a fix for the ability to use user verification (?)