Reference : News @ XDA
The Exploit source : 1
The Exploit source : 2
XDA user alephazin has discovered a vulnerability in Exynos processors version 4210 and 4412 that essentially allows any Android app to access and control the whole device :
That means - A newly written exploit could be incorporated into any application that would have root-level permissions on a device. Risking private data and opening root permissions.
Some of the devices that could be affected are
Sr. dev on XDA Chainfire has already created app ExynosAbuse to gain root privileges and install the latest release of SuperSU “on any Exynos4-based device.â€
------
Other references :
Ref 1
Ref 2
The Exploit source : 1
The Exploit source : 2
XDA user alephazin has discovered a vulnerability in Exynos processors version 4210 and 4412 that essentially allows any Android app to access and control the whole device :
Recently discover a way to obtain root on S3 without ODIN flashing.
The security hole is in kernel, exactly with the device /dev/exynos-mem. This device is R/W by all users and give access to all physical memory … what’s wrong with Samsung ? […]
The good news is we can easily obtain root on these devices and the bad is there is no control over it.
Ram dump, kernel code injection and others could be possible via app installation from Play Store. It certainly exists many ways to do that but Samsung give an easy way to exploit. This security hole is dangerous and expose phone to malicious apps. Exploitation with native C and JNI could be easily feasible.
That means - A newly written exploit could be incorporated into any application that would have root-level permissions on a device. Risking private data and opening root permissions.
Some of the devices that could be affected are
- Samsung Galaxy S2 GT-I9100
- Samsung Galaxy S3 GT-I9300
- Samsung Galaxy S3 LTE GT-I9305
- Samsung Galaxy Note GT-N7000
- Samsung Galaxy Note 2 GT-N7100
- Verizon Galaxy Note 2 SCH-I605 (with locked bootloaders)
- Samsung Galaxy Note 10.1 GT-N8000
- Samsung Galaxy Note 10.1 GT-N8010.
Sr. dev on XDA Chainfire has already created app ExynosAbuse to gain root privileges and install the latest release of SuperSU “on any Exynos4-based device.â€
------
Other references :
Ref 1
Ref 2