XDA developer patches Samsung Exynos chip vulnerability

by: Robert TriggsDecember 17, 2012


Anyone worried about the Exynos chip exploit we covered yesterday? Well you should be able to sleep a little easier tonight, as one of the folks over at XDA-Developers has already created a fix for the issue. The concern is that malicious software could use the exploit to gain root access, and by extension all physical memory, on handsets running the Exynos 4210 and 4412 chips. Which means that all of Samsung’s recent flagship devices are vulnerable to this exploit.

However, XDA-Developer Chainfire was quick to address the problem and has provided a new apk which can be used either to root your phone using the exploit or block the vulnerability on boot. But there is a drawback; if you choose to block the exploit then your front camera on your Galaxy S3 and first-gen Galaxy Note may stop working. Whilst this may be an acceptable compromise for some, nobody would really want to be left with limited phone functionality permanently just to fix this problem.

Fortunately, Chainfire has this base covered as well, as the apk can be used to re-enable the exploit on reboot in order to regain full functionality of your device if you need it, just so long as your device is rooted.

The application also has a handy diagnostic tool which will tell you if your device is vulnerable before applying the fix. You don’t have to have rooted your device and won’t lose any data if you chose to apply the fix either.

It should be noted that the solutions provided by Chainfire are only workarounds and not actual fixes for the core problem. So I guess we’ll be waiting for official communication from Samsung before this problem is addressed fully. But I wouldn’t bet against the clever people at XDA having a fully working fix before that happens.

If you own one of the affected handsets and are worried about the security problems, then head over to the XDA forum thread to get hold of the download.

  • john

    Someone give this guy a medal.

  • [email protected]

    dont forget supercurio he released a app with the fix last night and it doesn’t need root ;)

    the guys all work together :)

    [link] http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible [/link]

    • aCe manayan

      supercurio and chainfire (and another dev – i forgot the name.sorry =) work hand in hand if you saw the thread in XDA they have diff apk to address this problem. It depends now on the users what to choose from. Each APK have unique or different features. if am not mistaken Chainfire detailedly put the pros and cons of each apk :D

  • RarestName

    An APK file to root?!

    • Massamies

      YES! That’s the point in this exploit…ANY apk (downloaded from Play also) could get root access via this exploit, that’s why it’s very serious bug. I wonder, how long does it take for Samsung to even RESPONSE this…and publish a PATCH for this…?

  • Bree

    Waiting for the official Samsung patch for this. Not everyone is tech savvy and roots their s3. Nor do they are even aware of this issue. I bet out of the 30+. Million s3’s sold, only 3 million s3 owners are aware of this serious issue. Hurry up Samsung! I want the patch….and jelly bean!

  • Log

    Its worth noting that ONLY Chainfire’s fix completely disables the exploit, the fix by Supercurio and RyanZA only partly fix it and can still leave your device vulnerable (as demonstrated by Chainfiire’s exploit demo app). Right now there’s only two sure fire ways to fix this exploit and retain the camera. You can either apply Chainfire’s ExynosAbuse app and then use the different firmware libs to fix the camera (what I did on my S3, explanation on Chainfire’s XDA thread) or use a different kernel that is not vulnerable to it, such as AndreiLux’s Perseus kernel. Please read the relevant information on their XDA threads before flashing.

    I had to mention this because Supercurio’s fix is receiving so much media attention and people using this won’t be protected properly, and be lulled into a false sense of security. Having said that, my full respect and thanks goes to these people who work tirelessly to bring out these fixes and help protect us.