EXPLOIT Posts on XDA

Critical MediaTek rootkit affecting millions of Android devices has been out in the open for months

Critical MediaTek rootkit affecting millions of Android devices has been out in the open for months

March 2, 2020
On the first Monday of every month, Google publishes the Android Security Bulletin, a page that discloses all the security vulnerabilities and their patches submitted by Google themselves or other third-parties. Today was no exception: Google just made public the Android Security Bulletin for March 2020. One of the vulnerabilities that are documented in the...
Fortnite Installer could be abused to silently install apps on Galaxy phones

Fortnite Installer could be abused to silently install apps on Galaxy phones

August 24, 2018
The launch of Fortnite Mobile on Android hasn't been too great, especially since many of the supported devices really struggle to play the game with acceptable frame rates. The game launched as a Samsung Galaxy exclusive for only 3 days. The Fortnite Installer was first available on Samsung Galaxy Apps before Epic Games allowed non-Samsung...
Google acquires GraphicsFuzz, a firm which specializes in testing GPU reliability

Google acquires GraphicsFuzz, a firm which specializes in testing GPU reliability

August 6, 2018
Google has acquired GraphicsFuzz to improve GPU reliability within the Android ecosystem. GraphicsFuzz is a firm that specializes in testing GPU reliability by creating graphics driver testing technologies that can be used to find bugs in graphics drivers. The firm then discloses these bugs to GPU vendors, OEMs, or any other involved parties and works...
SunShine bootloader unlock (S-Off) tool now supports the HTC U12+

SunShine bootloader unlock (S-Off) tool now supports the HTC U12+

July 16, 2018
SunShine is a popular tool used primarily on HTC devices for enabling S-OFF. The tool was updated to support the HTC U11 earlier this year, and now it supports the HTC U12+. Without being able to S-OFF, modding HTC devices becomes a great difficulty. This release should open the door to the true modding capability...
OxygenOS 5.1.7 update for the OnePlus 6 fixes bootloader vulnerability

OxygenOS 5.1.7 update for the OnePlus 6 fixes bootloader vulnerability

June 15, 2018
Following a slew of updates for the OnePlus 6 since its launch, OxygenOS 5.1.7 is the first to offer strictly bug fixes and security enhancements. The first big fix for this update pertains to the bootloader vulnerability uncovered by a security researcher last week. It has been patched with an updated bootloader, so users are...
[Update: Fix] Bootloader Protection Bypass Discovered on OnePlus 6 (requires physical access)

[Update: Fix] Bootloader Protection Bypass Discovered on OnePlus 6 (requires physical access)

June 9, 2018
The OnePlus 6 was made official in the middle of last month. The device has only recently started to make its way into the hands of consumers and developers on our forums, and already we're hearing about the work that's being done. An official build of TWRP is already available and work is progressing nicely...
New Rowhammer Exploits use Hardware Vulnerabilities to Root LG, Samsung, and Motorola Devices

New Rowhammer Exploits use Hardware Vulnerabilities to Root LG, Samsung, and Motorola Devices

October 24, 2016
Google is constantly at war with hackers seeking to maliciously exploit security vulnerabilities in their products. Back in the middle of 2014, Google assembled a team of security analysts called 'Project Zero' to report zero-day exploits to the company so they can be patched before any nefarious third-party can take advantage of the undisclosed security hole....
2015 Samsung Lock Bypass Exploit Details Revealed

2015 Samsung Lock Bypass Exploit Details Revealed

April 13, 2016
In December of 2015 an exploit was revealed on Twitter that showed a Samsung Galaxy S6 lock screen being bypassed.https://twitter.com/rpaleari/status/674983960162787328Not much was revealed at the time other than the proof of concept. Now that the disclosure period has expired the details are making their way out to the public. The exploit was pushed to Github on Monday...
NorthBit Releases Metaphor Source on Github

NorthBit Releases Metaphor Source on Github

March 28, 2016
NorthBit Advanced Software Research released on Thursday source code related to their Metaphor exploit of Stagefright to the public. Metaphor has been making its run through the news cycle due to the large footprint of devices likely affected. NorthBit estimated the number of affected devices was at least 235 million - those running 5.0 or 5.1....
Lookout Discovers Trojanized Adware that Secretly Acquires Root Access

Lookout Discovers Trojanized Adware that Secretly Acquires Root Access

November 4, 2015
Publicly available root exploits are a godsend to consumers whose devices are locked. Exploits such as Towelroot easily enabled any user running on Android version KitKat and below to acquire root access with the click of a button. However, these methods are considered "exploits" for a reason. If an application like Towelroot can exploit your device's firmware to...
Stagefright Explained: The Exploit That Changed Android

Stagefright Explained: The Exploit That Changed Android

August 14, 2015
One of the strongest points of Android has primarily been its open source nature, which allows for stakeholders to fork, modify and redistribute the OS in a way that suits their particular needs. But this very advantage of being open source acts like a double-edged sword when it comes to the issues of malware and...