jerdog · Dec 17, 2012 at 08:00 am

Dangerous Exynos 4 Security Hole Demoed and Plugged by Chainfire

We recently told you about the Exynos4 security hole found by XDA Member alephzain. This is a security hole in the kernel that allows malicious code full access to all physical memory. XDA Elite Recognized Developer Chainfire would have none of it, and not only pointed out the security hole by creating an app that roots your device without ODIN, but also provided a way to plug it.

His application, aptly named ExynosAbuse APK, gains root privileges via the ExynosAbuse exploit and installs SuperSU. In addition, in version v1.10, it allows you to disable the exploit at boot. The downside of disabling the exploit is that your camera may break. However, this is not so bad considering how your device can no longer be compromised by this exploit. Lesser of two evils, right? If you absolutely must have your camera, the application allows you to re-enable the exploit.

Unlike the other app-based patches out there, Chainfire’s solution to patch on boot runs before any normal Android apps perform their launch after boot code, thus preventing that attack vector as well. One thing Chainfire points out is that the protections included in his APK are just workarounds, rather than actual fixes. For that, we’ll have to rely on our talented developers in the XDA Developer community or Samsung. (Do I hear crickets chirping?)

For more details on the exploit, you can head over to alephzain’s exploit thread or Chainfire’s application thread. When visiting the latter, be sure to help Chainfire test various Samsung devices by stating your device, its firmware, and whether the application and fix worked.


_________
Want something on the XDA Portal? Send us a tip!

jerdog

jerdog is an editor on XDA-Developers, the largest community for Android users. Jeremy has been an XDA member since 2007, and has been involved in technology in one way or another, dating back to when he was 8 years old and was given his first PC in 1984 - which promptly got formatted. It was a match made in the stars, and he never looked back. He has owned, to date, over 60 mobile devices over the last 15 years and mobile technology just clicks with him. In addition to being a News Editor and OEM Relations Manager, he is a Senior Moderator and member of the Developer and Moderator Committees at XDA. View jerdog's posts and articles here.
Jimmy McGee · Apr 27, 2015 at 06:00 am · 3 comments

3D Printable Mobile Microscope? Nexus 7 Discontinued – XDA TV

The Nexus 7 2013 has been discontinued on the Google Store! That and much more news is covered by Jordan when he reviews all the important stories from this weekend. Included in this weekend's news is the announcement of Xposed 3.0 Alpha 3 and be sure to check out the article talking about the 3D printable microscope for mobile devices. That's not all that's covered in today's video! Jordan talks about the other videos released this week on XDA TV. XDA...

XDA NEWS
Emil Kako · Apr 26, 2015 at 04:19 pm · 3 comments

Which Lockscreen Security Type Do You Use?

From pattern locks to the controversial face unlock, there are a number of different ways you can secure your Android phone's lockscreen. Some methods are clearly more secure than others, but it comes down to user preference at the end of the day. So, which lockscreen security type do you prefer and why?

DISCUSS
Chris Gilliam · Apr 26, 2015 at 12:00 pm · 4 comments

XDA Recap: This Week In Android (Apr 18 – 25)

Here in the digital XDA newsroom, we spend our days pouring over an average of 2,500 news items and forum threads every 24 hours. Only the most timely and interesting bits survive the editing process, but the portal's front page still sees weekly counts in excess of 100 posts. This is a glut of content to absorb, especially if following the news cycle isn't your full-time job. However, the tech world is vast, and the information must flow. With this in mind, please...

XDA NEWS
Share This