ExynosAbuse APK released !
Posted by Chainfire on 16-12-2012 at 22:55:00 - Comments: 187 - Views: 79060
Project: ExynosAbuse - Tags: Android Good news Bad news
Project: ExynosAbuse - Tags: Android Good news Bad news
Yesterday, alephzain released details on a new exploit for Exynos4-based devices on XDA. After validating it worked, the first thing I did was relay the information to every Samsung Engineer I have a business card from - and I know it is being escalated.
This exploit is very scary, as several flagship Samsung devices are affected (SGS2 and 3, Note1 and 2), and any APK can use it to gain root privileges without any special permissions at all.
First, I coded up ExynosAbuse APK to use this vulnerability to "properly" root your device and install SuperSU.
Later today I added the capability to disable the exploit, if wanted at boot (before any Play-installed app can run to abuse the exploit).
This disabling is a work-around rather than a true fix, and it requires your device to be rooted with "su" support (for example a working SuperSU - which can be installed by the app itself - or Superuser installation) and on some devices it disables the camera. It is the quickest and easiest way to prevent the exploit from being used, though.
You can download and install the app from XDA-Developers here: http://forum.xda-developers.com/showthread.php?t=2050297
This exploit is very scary, as several flagship Samsung devices are affected (SGS2 and 3, Note1 and 2), and any APK can use it to gain root privileges without any special permissions at all.
First, I coded up ExynosAbuse APK to use this vulnerability to "properly" root your device and install SuperSU.
Later today I added the capability to disable the exploit, if wanted at boot (before any Play-installed app can run to abuse the exploit).
This disabling is a work-around rather than a true fix, and it requires your device to be rooted with "su" support (for example a working SuperSU - which can be installed by the app itself - or Superuser installation) and on some devices it disables the camera. It is the quickest and easiest way to prevent the exploit from being used, though.
You can download and install the app from XDA-Developers here: http://forum.xda-developers.com/showthread.php?t=2050297