jerdog · Dec 17, 2012 at 08:00 am

Dangerous Exynos 4 Security Hole Demoed and Plugged by Chainfire

We recently told you about the Exynos4 security hole found by XDA Member alephzain. This is a security hole in the kernel that allows malicious code full access to all physical memory. XDA Elite Recognized Developer Chainfire would have none of it, and not only pointed out the security hole by creating an app that roots your device without ODIN, but also provided a way to plug it.

His application, aptly named ExynosAbuse APK, gains root privileges via the ExynosAbuse exploit and installs SuperSU. In addition, in version v1.10, it allows you to disable the exploit at boot. The downside of disabling the exploit is that your camera may break. However, this is not so bad considering how your device can no longer be compromised by this exploit. Lesser of two evils, right? If you absolutely must have your camera, the application allows you to re-enable the exploit.

Unlike the other app-based patches out there, Chainfire’s solution to patch on boot runs before any normal Android apps perform their launch after boot code, thus preventing that attack vector as well. One thing Chainfire points out is that the protections included in his APK are just workarounds, rather than actual fixes. For that, we’ll have to rely on our talented developers in the XDA Developer community or Samsung. (Do I hear crickets chirping?)

For more details on the exploit, you can head over to alephzain’s exploit thread or Chainfire’s application thread. When visiting the latter, be sure to help Chainfire test various Samsung devices by stating your device, its firmware, and whether the application and fix worked.


_________
Want something on the XDA Portal? Send us a tip!

jerdog

jerdog is an editor on XDA-Developers, the largest community for Android users. Jeremy has been an XDA member since 2007, and has been involved in technology in one way or another, dating back to when he was 8 years old and was given his first PC in 1984 - which promptly got formatted. It was a match made in the stars, and he never looked back. He has owned, to date, over 60 mobile devices over the last 15 years and mobile technology just clicks with him. In addition to being a News Editor and OEM Relations Manager, he is a Senior Moderator and member of the Developer and Moderator Committees at XDA. View jerdog's posts and articles here.
Emil Kako · May 23, 2015 at 12:31 pm · 3 comments

Which Features from Apple Watch Do You Think Android Wear Will Copy?

The Apple Watch and Android Wear are both growing platforms. Now that we've gotten the chance to see both of them in-depth, we can get a good idea of which directions the two are headed. We recently did a discussion and asked you what you thought the Apple Watch would copy from Android Wear. Today, we ask you the opposite. Which features do you think Android Wear will copy from the Apple Watch and why?

DISCUSS
Mario Tomás Serrafero · May 23, 2015 at 12:00 pm · 4 comments

XDA Picks: Best Apps of the Week (May 15 – 22)

Apps are at the front and center of any smartphone experience, and with over a million apps on the Google Play Store and new apps being submitted to our forums every day, staying up to date on the latest apps and games can be a hassle. At XDA we don’t discriminate apps - if it’s interesting, innovative, original or useful, we mention them. The XDA Portal Team loves apps too, and here are our top picks for this week.  ...

XDA NEWS
Emil Kako · May 22, 2015 at 10:35 pm · 5 comments

Other than XDA (of Course), What’s Your Favorite Site That Covers Android?

There is a number of other great sites that cover Android, so we're wondering which other sites our community likes to frequent. Tell us your favorite Android website and what about the site that makes it your favorite.

DISCUSS
Share This