Instant fix app for Exynos Mem Abuse vulnerability, no root required, reversible

Earlier today, talented developer alephzain described a security vulnerability affecting most if not all Exynos 4 devices, which represent dozen of millions gadget out there.
Unfortunately he also released a working exploit with complete source code before the various vendors affected (Samsung, Meizu and surely others) were made aware of it, leading to a severe security issue without accessible fix for now.
I wrote then an application to circumvent the issue while manufacturer patch the security hole and publish OTA updates.
Characteristics of this app:
  • Works on any device, let you know if your system is vulnerable
  • Doesn’t require root to apply the fix
  • Doesn’t modify your system, copy files or flash anything
  • Fix can be enabled or disable at will
  • Free of charge
Limitations:
  • Break proper function of the Front camera on some Galaxy S III and Galaxy Note II Samsung official firmwares when activated.
    Workaround: enable HDR or Low light photography camera mode. Both blend multiple exposures.
  • Might alter MHL/HDMI output functions on some devices (not confirmed)
  • Cannot protect efficiently against some potential attacks (typically, on boot).
    The real fix by manufacturers or some carefully written custom kernels will indeed be the only true solutions to this vulnerability − and won’t introduce any feature regression like this one does with some firmwares on cameras.
  • Comes without any kind of support or warranty.
Source and details:
http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible

0 yorum: