
Security exploit opens Samsung Galaxy S III, Note II to attack, could let apps from Google Play write to kernel


Amid the XDA community's ongoing quest to root every Android handset it comes across, one forum user appears to have found a serious exploit that affects certain Exynos devices. While fiddling with his Galaxy S III, XDA user Alephzain discovered a way to obtain root without flashing with Odin. The Samsung kernel apparently allows read / write access to all physical memory on the device, including the kernel itself. This makes for an easy root, Alephzain writes, but leaves devices open to attack -- allowing kernel code injection and RAM dumps by malware-laden apps from the Google Play store.

It isn't the only avenue for attack on an Android handset, but it is an exceedingly easy one. Luckily, a community-fostered fix seems pretty simple too -- XDA user RyanZA has already created a patch to modify write permissions on affected devices -- though Galaxy S III users are reporting that the fix cripples the phone's camera app. So far, Alephzain has confirmed that the Galaxy S II, III, Note II and the Meizu MX are at risk, but notes that the exploit might work on any device running an Exynos 4210 or 4412 processor. Samsung has not yet commented on the vulnerability, but forum members say that the issue has been reported. As for the exploit's lasting implications? Head on over to the XDA forums to join the discussion.

Update: François Simond (aka Supercurio) wastes no time plugging holes, and has already released a root-free fix for the vulnerability. Simond's solution is wrapped up in a simple APK, and requires no root, no flashing and no special know-how. It can be enabled or disabled manually, too -- allowing Galaxy S III users to regain full use of their front-facing camera, which, as previously stated, is disrupted by the fix. Best of all, it's free -- skip on over to Project Voodoo at the source to get protected.

Update 2: Our good friend Supercurio also brought our attention to a statement released by Samsung France to Le Monde: the company will be issuing an official patch "very quickly," and it emphasized that this is an issue "only if a malicious application is installed." Obviously, for now you can use Supercurio's patch to ease your mind.
