HITBSecConf2017 Amsterdam (April 10th - 14th)
Register Online Now!
Security exploit opens Samsung Galaxy S III, Note II to attack
The brilliant minds at XDA Developers have done it again; this time, a user by the name of alephzain claims to have discovered a vulnerability in multiple Samsung devices that gives access to all physical memory. The potential is huge: attackers could use malicious apps to wipe data and brick devices or, more likely, quietly access user data.
Alephzain first tested the vulnerability out on a Samsung Galaxy S III to root his device, but says the flaw also exists on the Samsung Galaxy S II, the Samsung Galaxy Note II, the Meizu MX, and potentially other devices that feature an Exynos processor (4210 and 4412) and use Samsung kernel sources.
While Samsung has yet to confirm the issue, it’s already being exploited. In fact, a senior moderator who calls himself Chainfire has created an APK file that uses Alephzain’s exploit, dubbed ExynosAbuse, to gain root privileges and install the latest release of SuperSU “on any Exynos4-based device.”