- Joined
- Mar 10, 2012
- Messages
- 1,895
- Points
- 0
Amid the XDA community's ongoing quest to root every Android handset it comes across, one forum user appears
to have found a serious exploit that affects certain Exynos devices. While fiddling with his Galaxy S III, XDA user
Alephzain discovered a way to obtain root without flashing with Odin.
The Samsung kernel apparently allows read / write access to all physical memory on the device, including the kernel
itself. This makes for an easy root, Alephzain writes, but leaves devices open to attack -- allowing Kernel code
injections and RAM dumps from malware-laden apps from the Google Play store.
It isn't the only avenue for attack on an Android handset, but it is an exceedingly easy attack. Luckily, a community
fostered fix seems pretty simple too -- XDA user RyanZA has already created a patch to modify write permissions on
affected devices -- though Galaxy S III users are reporting that the fix cripples the phone's camera app.
So far, Alephzain has confirmed that the Galaxy S II, III, Note II and the Meizu MX are at risk, but notes that the exploit
might work on any device running a Exynos 4210 or 4412 processor. Samsung has not yet made a comment about the
vulnerability, but forum members say that the issue has been reported.
to have found a serious exploit that affects certain Exynos devices. While fiddling with his Galaxy S III, XDA user
Alephzain discovered a way to obtain root without flashing with Odin.
The Samsung kernel apparently allows read / write access to all physical memory on the device, including the kernel
itself. This makes for an easy root, Alephzain writes, but leaves devices open to attack -- allowing Kernel code
injections and RAM dumps from malware-laden apps from the Google Play store.
It isn't the only avenue for attack on an Android handset, but it is an exceedingly easy attack. Luckily, a community
fostered fix seems pretty simple too -- XDA user RyanZA has already created a patch to modify write permissions on
affected devices -- though Galaxy S III users are reporting that the fix cripples the phone's camera app.
So far, Alephzain has confirmed that the Galaxy S II, III, Note II and the Meizu MX are at risk, but notes that the exploit
might work on any device running a Exynos 4210 or 4412 processor. Samsung has not yet made a comment about the
vulnerability, but forum members say that the issue has been reported.
