SamsungLogo

Over the weekend, users over at XDA-developers have discovered a significant vulnerability in the kernel for a number of Samsung devices. Apparently, an application can exploit this vulnerability to gain full R/W access to all physical memory on devices that use the Exynos 4210 or 4412 chipsets, which power some of the most popular Android devices on the market, including the Galaxy S II, Galaxy S III, Galaxy Note and Galaxy Note 2. XDA members have created a patch for the vulnerability, but it causes the devices’ camera to become inoperable.

Samsung have been notified about the issue, but haven’t released any statement as yet.

Source: XDA-Developers.
Via: Talk Android.
5 Comments
newest
oldest most voted
Inline Feedbacks
View all comments
PointZeroOne
PointZeroOne
7 years ago

I like how you left out the part with how the device needs to be rooted for this exploit to work.

The article I read about this earlier in, had it hidden away in a sea of txt that it required root and wasn’t obvious from the title either.

opt
opt
Reply to  PointZeroOne
7 years ago

From what I gathered from the linked XDA post, this exploit can be used to gain root access. Doesn’t mean the phone needs to be rooted for apps to exploit this vulnerability

PointZeroOne
PointZeroOne
Reply to  opt
7 years ago

interesting, what I had read is that it requires root, maybe it was just the wording?

Nick Fletcher
Nick Fletcher
Reply to  PointZeroOne
7 years ago

the simple fix which applies the correct permissions to the /dev/exynos-mem location (and renders the camera inoperable) requires root. to actually use the exploit you do not need root, which is why this is so dangerous – apps can potentially gain root through this exploit, then using other bugs (eg eMMC superbrick bug), can physically damage the device and hard brick it, beyond even JTAG repair.

James Finnigan
James Finnigan
Reply to  PointZeroOne
7 years ago

Not sure what you were reading earlier, but from what I’ve read, the exploit can be used to gain root access. It affects all phones, rooted or not.