Lineage OS which know to built the best custom Rom for outdated or devices which no longer received Software update from it manufacture.Last week on the May 2nd, 2020 Lineage Os Announce on twitter that on 8pm an attackers gain access to their server using two unpatched vulnerabilities in Salt which is an open source framework by saltslack. Which is used to manage server in a cloud server or data centre .
The vulnerabilities are
- CVE-2020-11651 which allow hackers to access the servers without any login credentials
- CVE-2020-11652 allow hackers /attacker to read arbitrary files
But in the post Lineage confirmed none of their Os has been affected and they were able to detect the hack on time and all their signing key ,builds and source are intact .Around 8PM PST on May 2nd, 2020 an attacker used a CVE in our saltstack master to gain access to our infrastructure.— LineageOS (@LineageAndroid) May 3, 2020
We are able to verify that:
- Signing keys are unaffected.
- Builds are unaffected.
- Source code is unaffected.
See https://t.co/85fvp6Gj2h for more info.