jerdog · Dec 17, 2012 at 08:00 am

Dangerous Exynos 4 Security Hole Demoed and Plugged by Chainfire

We recently told you about the Exynos4 security hole found by XDA Member alephzain. This is a security hole in the kernel that allows malicious code full access to all physical memory. XDA Elite Recognized Developer Chainfire would have none of it, and not only pointed out the security hole by creating an app that roots your device without ODIN, but also provided a way to plug it.

His application, aptly named ExynosAbuse APK, gains root privileges via the ExynosAbuse exploit and installs SuperSU. In addition, in version v1.10, it allows you to disable the exploit at boot. The downside of disabling the exploit is that your camera may break. However, this is not so bad considering how your device can no longer be compromised by this exploit. Lesser of two evils, right? If you absolutely must have your camera, the application allows you to re-enable the exploit.

Unlike the other app-based patches out there, Chainfire’s solution to patch on boot runs before any normal Android apps perform their launch after boot code, thus preventing that attack vector as well. One thing Chainfire points out is that the protections included in his APK are just workarounds, rather than actual fixes. For that, we’ll have to rely on our talented developers in the XDA Developer community or Samsung. (Do I hear crickets chirping?)

For more details on the exploit, you can head over to alephzain’s exploit thread or Chainfire’s application thread. When visiting the latter, be sure to help Chainfire test various Samsung devices by stating your device, its firmware, and whether the application and fix worked.


_________
Want something on the XDA Portal? Send us a tip!

jerdog

jerdog is an editor on XDA-Developers, the largest community for Android users. Jeremy has been an XDA member since 2007, and has been involved in technology in one way or another, dating back to when he was 8 years old and was given his first PC in 1984 - which promptly got formatted. It was a match made in the stars, and he never looked back. He has owned, to date, over 60 mobile devices over the last 15 years and mobile technology just clicks with him. In addition to being a News Editor and OEM Relations Manager, he is a Senior Moderator and member of the Developer and Moderator Committees at XDA. View jerdog's posts and articles here.
Jimmy McGee · Jul 28, 2015 at 06:00 am · 1 comment

How Strong Is Your Connection? – XDA Xposed Tuesday

Everyone is always talking about their bars. How many bars of WiFi do they have? How many bars of 4G? What does a bar really represent? Does it give you any indication of the “strength” of the signal? Does it give you the throughput? If you had this information, you could know more about your data connections. In this episode of XDA Xposed Tuesday, XDA TV Producer TK reviews an Xposed Module that gives you the ability to put certain...

XDA NEWS
Mario Tomás Serrafero · Jul 27, 2015 at 11:29 pm · 2 comments

OnePlus 2 Announced: Specs, Price and Details

The OnePlus 2 has just had its Virtual Reality Launch event, and at the XDA Office we all watched it live to see the new Flagship Killer attempt to make us never settle for anything else. The event itself was streamed through the OnePlus 2 Launch application, and now that it is over, we know plenty about the specifications and everything the new device is offering.   The device features a premium design with metal edges and buttons and a...

XDA NEWS
Mike McCrary · Jul 27, 2015 at 03:19 pm · 2 comments

A Helpful Guide to Music Streaming Services

With the launch of Apple Music, music streaming services have recently gained a lot of consumer interest, and as usual, Apple's foray into the market has caused disruption, as competitors scramble to introduce new features and modify their pricing structures in order to better compete, and as fresh users new to the market continue to evaluate and decide which service would suit them the best.   While many people are quick to denounce all streaming services as being a variable of...

XDA NEWS