Participants authoritative forum XDA Developers, on mobile devices, today announced a new discovery. User under the pseudonym ‘alephzain’ said discovered a vulnerability in several devices Samsung, and this vulnerability opens the application access to all physical memory.
The danger is very serious: attackers can use a malicious application for data destruction and conversion of the unit into a useless ‘brick’. Another, more likely scenario, is inconspicuous abduction secret user data.
User ‘Alephzain’ first look for vulnerabilities on the device Samsung Galaxy S III, when he tried to get the Root-access. It later turned out that similar problems exist in devices Samsung Galaxy S II, Samsung Galaxy Note II and the Meizu MX. Strictly speaking, the problem can manifest itself in any devices that use a processor Exynos (4210 and 4412) and the code of corporate Android-core from Samsung.
Samsung has not yet officially responded to reports of a security, although already documented cases of its successful use. Senior moderator XDA Developers, aka ‘Chainfire’, made ready to play package APK called ExynosAbuse, where vulnerability, the user opens Alephzain, used to get Root-privileges and install the latest version of the utility SuperSU ‘on any machine with processors Exynos4’.
Reports of enthusiastic developers mention the following devices Affected: Samsung Galaxy S2 GT-I9100, Samsung Galaxy S3 GT-I9300, Samsung Galaxy S3 LTE GT-I9305, Samsung Galaxy Note GT-N7000, Samsung Galaxy Note 2 GT-N7100, Verizon Galaxy Note 2 SCH-I605 (with locked bootloader), Samsung Galaxy Note 10.1 GT-N8000 and Samsung Galaxy Note 10.1 GT-N8010.
It is worth noting that not all malware for Android can use this specific vulnerability. In addition, many devices are not affected by this threat simply because it built on other processors. Thus, the user under the pseudonym Supercurio confirmed that the Nexus tablet 10 is not exposed to danger, since it uses Exynos chip 5. It is now known that the information from the XDA forum came to the engineers of Samsung. To the delight of people who are worried about the safety of their Android-devices, the same user Supercurio has released an unofficial patch that eliminates the vulnerability.
This fix it is possible to find on a site Project Voodoo at the address http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible .