gkontoletas
The security hole allows access to all of the device's physical memory, making it child's play to obtain root privileges, but at the same time it leaves the device completely open to malicious attacks...
http://forum.xda-developers.com/showthread.php?p=35469999#post35469999
Recently discovered a way to obtain root on S3 without ODIN flashing.
The security hole is in the kernel, specifically with the device /dev/exynos-mem.
This device is R/W by all users and gives access to all physical memory.
The good news is we can easily obtain root on these devices and the bad is there is no control over it.
- Samsung Galaxy S2
- Samsung Galaxy Note 2
- MEIZU MX
- potentially all devices that embed an Exynos processor (4210 and 4412) and use Samsung kernel sources.
RAM dump, kernel code injection and others could be possible via app installation from the Play Store. There certainly exist many ways to do that, but Samsung gives an easy way to exploit it. This security hole is dangerous and exposes the phone to malicious apps.
Exploitation with native C and JNI could be easily feasible.
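
A defensive check for the condition the quoted post describes, as an added example that is not part of the original post or of any project's code: it reports whether a device node (by default the `/dev/exynos-mem` path named above) is a character device that all users can read or write. The function and enum names are illustrative assumptions.

```c
/* Added example: audit a device node for world read/write permissions. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical result codes for this example (bit flags). */
enum node_risk { NODE_OK = 0, NODE_WORLD_READ = 1, NODE_WORLD_WRITE = 2, NODE_WORLD_RW = 3 };

/* Classify a mode value as returned by stat(). Only character devices are
 * considered, and only the "other" permission bits, because the problem
 * described is a memory device node that any unprivileged app can open. */
int classify_mode(mode_t mode)
{
    int risk = NODE_OK;
    if (!S_ISCHR(mode))
        return NODE_OK;
    if (mode & S_IROTH)
        risk |= NODE_WORLD_READ;
    if (mode & S_IWOTH)
        risk |= NODE_WORLD_WRITE;
    return risk;
}

/* Returns -1 when the node is absent or cannot be stat()ed. */
int audit_node(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return classify_mode(st.st_mode);
}

const char *risk_label(int risk)
{
    switch (risk) {
    case -1:               return "not present (or not accessible)";
    case NODE_OK:          return "no access for other users";
    case NODE_WORLD_READ:  return "readable by all users";
    case NODE_WORLD_WRITE: return "writable by all users";
    default:               return "readable and writable by all users";
    }
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/exynos-mem"; /* path from the post */
    int risk = audit_node(path);
    printf("%s: %s\n", path, risk_label(risk));
    return risk > 0 ? 1 : 0; /* non-zero exit when the node is exposed */
}
```

The exit status is non-zero only when the node exists and grants access to other users, so the check can be scripted across a set of device images or handsets.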