jerdog · Dec 17, 2012 at 08:00 am

Dangerous Exynos 4 Security Hole Demoed and Plugged by Chainfire

We recently told you about the Exynos4 security hole found by XDA Member alephzain. This is a security hole in the kernel that allows malicious code full access to all physical memory. XDA Elite Recognized Developer Chainfire would have none of it, and not only pointed out the security hole by creating an app that roots your device without ODIN, but also provided a way to plug it.

His application, aptly named ExynosAbuse APK, gains root privileges via the ExynosAbuse exploit and installs SuperSU. In addition, in version v1.10, it allows you to disable the exploit at boot. The downside of disabling the exploit is that your camera may break. However, this is not so bad considering how your device can no longer be compromised by this exploit. Lesser of two evils, right? If you absolutely must have your camera, the application allows you to re-enable the exploit.

Unlike the other app-based patches out there, Chainfire’s solution to patch on boot runs before any normal Android apps perform their launch after boot code, thus preventing that attack vector as well. One thing Chainfire points out is that the protections included in his APK are just workarounds, rather than actual fixes. For that, we’ll have to rely on our talented developers in the XDA Developer community or Samsung. (Do I hear crickets chirping?)

For more details on the exploit, you can head over to alephzain’s exploit thread or Chainfire’s application thread. When visiting the latter, be sure to help Chainfire test various Samsung devices by stating your device, its firmware, and whether the application and fix worked.


_________
Want something on the XDA Portal? Send us a tip!

jerdog

jerdog is an editor on XDA-Developers, the largest community for Android users. Jeremy has been an XDA member since 2007, and has been involved in technology in one way or another, dating back to when he was 8 years old and was given his first PC in 1984 - which promptly got formatted. It was a match made in the stars, and he never looked back. He has owned, to date, over 60 mobile devices over the last 15 years and mobile technology just clicks with him. In addition to being a News Editor and OEM Relations Manager, he is a Senior Moderator and member of the Developer and Moderator Committees at XDA.
Mario Tomás Serrafero · Mar 27, 2015 at 04:13 pm · 2 comments

Should You Get Wear? Wearer’s Practical Observations

Wear is said to not offer enough for mass adoption, even though its been in the market for over 9 months. I personally have a Gear Live which I purchased 8 months ago, and my experience with it has had its ups and downs throughout my time with it. For the longest time, I was not able to recommend the platform to anyone. Since then, a lot of updates have hit Wear watches, some improving battery life, others changing the...

XDA NEWS
GermainZ · Mar 27, 2015 at 01:15 pm · 2 comments

SlimRoms: Updates on the Horizon

SlimRoms' website has been experiencing technical difficulties for the last month or so, but it's good to know the team is working hard and is still on top of things. The SlimRoms GitHub repos are getting updated with some major changes showing up. Most notably, some projects are getting a new 5.1 branch: lp5.1! A new, revamped and open source website is also in the works, with a look inspired by material design. We also got a tip about an...

XDA NEWS
Emil Kako · Mar 27, 2015 at 12:47 pm · 3 comments

Your Favorite Wireless Charger?

Wireless charging is becoming more and more common as many OEMs are now starting to include this feature in their flagships. There are already dozens of wireless chargers to choose from on the market today, but quality definitely varies. For those of you who charge your devices wirelessly, let us know which charger is your favorite and why.

DISCUSS
Share This