Exynos Abuse on Galaxy S3 and Exynos 4: Affected Phones, Risks, and Official and Manual Solutions

  • ExynosAbuse exploits insecure permissions on /dev/exynos-mem, exposing memory to read/write.
  • Models with Exynos 4210/4412 are affected; Samsung has released XXELLA firmware and OTA patches.
  • Mitigations: Chainfire/Project Voodoo apps (unofficial) and ODIN to install I9300XXELLA on Galaxy S3.
  • Maintain monthly updates and avoid untrusted apps; there are additional flaws like CVE-2024-44068.

Samsung Galaxy S3 Exynos security hole

It is not exactly a good day for users whose device has a SoC manufactured by Samsung, specifically the latest-generation Exynos. According to the developers at XDA Developers, there could be a security hole in the devices that use them, allowing control of the device via an app. Shocking, right?

Apparently, by using this flaw, the device in question can be rooted (unprotected) without using the Odin program, which is commonly used for this process on models with the Korean company's processor. According to the information provided (which can be accessed from this link), the hole is in the operating system kernel, specifically in the device node /dev/exynos-mem, which, surprisingly, grants read and write access to all users; as a consequence, any user has access to the device's physical memory.

As we have said, the positive side of this is that it is possible to root (unprotect) the device, but it has a “dark side”: with write access available to all users, a simple application downloaded from Google Play can access it and, therefore, run malicious code on a phone or tablet. It is therefore not a minor problem: there are risks of data loss and even of control over certain parts of the affected devices, which are those that use the Exynos 4210 and 4412 SoCs:

  • Samsung Galaxy S2 GT-I9100
  • Samsung Galaxy S3 GT-I9300
  • Samsung Galaxy S3 LTE GT-I9305
  • Samsung Galaxy Note GT-N7000
  • Samsung Galaxy Note 2 GT-N7100
  • Verizon Galaxy Note 2 SCH-I605
  • Samsung Galaxy Note 10.1 GT-N8000
  • Samsung Galaxy Note 10.1 GT-N8010

Possible solutions

While waiting for a reaction from Samsung, which has already been notified of the error and is surely working on a fix (for which a software update is necessary), the first thing the developers tried was to remove the read and write privileges, but doing this stops the device's camera from working.

Luckily, a reputable developer at XDA Developers, named Chainfire, has published an application in a forum thread that fixes the bug at a low level (directly in the kernel) and disables the security hole. The APK can be found at this link; note first of all that installing and running it is done at the user's own risk, since it is not an official fix. There is also a solution available from Project Voodoo (link), but it is also made by an independent developer.

The fact is that the problem seems real, and let's hope Samsung reacts quickly, as this isn't exactly a minor issue. It is a significant challenge for the Korean company, and it affects its most important devices, such as the Samsung Galaxy S3 and Galaxy Note 2.

What is Exynos Abuse and how does it impact security?


The problem popularized as ExynosAbuse is based on a permissions error on the device node /dev/exynos-mem, which leaves physical memory exposed to reading and writing by any process. This enables everything from one-click root to a malicious app injecting code into the kernel or exfiltrating data from RAM. The XDA community has demonstrated that the exploit can be used both for legitimate purposes (gaining privileges) and for stealth attacks.

In addition to the models listed above, various reports indicated that other devices with Exynos 4 could be affected, including variants such as the Galaxy Tab 7.7 and devices from brands that integrated these SoCs (for example, some Meizu or Lenovo models). By contrast, there were reports that devices with Exynos 5 would not be vulnerable under these same conditions.

Samsung itself noted that the risk materializes especially if the user installs untrusted applications that specifically exploit compromised internal files. However, the manufacturer confirmed that it would work on official updates to permanently mitigate the flaw on its devices.
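An added example (not from the original article or from XDA): a host-side Python check that parses a `/dev` listing obtained with `adb shell ls -l /dev` and flags device nodes that any user can read or write, the condition described above for /dev/exynos-mem. The sample listing (owners, groups, device numbers, dates) and the `BENIGN` allow-list are constructed assumptions.

```python
import stat

# Constructed sample of `adb shell ls -l /dev` output; owners, groups,
# device numbers and dates are illustrative, not captured from a real device.
SAMPLE_LS = """\
crw-rw-rw- system   graphics   1,  14 2012-12-16 10:02 exynos-mem
crw-rw---- system   camera    81,   0 2012-12-16 10:02 video0
crw-rw-rw- root     root       1,   3 2012-12-16 10:02 null
crw-r----- root     kmem       1,   1 2012-12-16 10:02 mem
drwxr-xr-x root     root              2012-12-16 10:02 block
"""

# Assumed allow-list: nodes that are world-accessible by design.
BENIGN = {"null", "zero", "full", "random", "urandom", "tty", "ptmx"}

def parse_mode(mode_str):
    """Turn an ls mode string such as 'crw-rw-rw-' into (type_char, rwx bits)."""
    bits = 0
    for i, ch in enumerate(mode_str[1:10]):
        if ch not in "-ST":          # 'S'/'T' mean a special bit without execute
            bits |= 1 << (8 - i)
    return mode_str[0], bits

def audit_dev_listing(listing):
    """Return findings for char/block devices that 'other' can read or write."""
    findings = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 4 or len(fields[0]) < 10:
            continue                 # not a listing line
        kind, bits = parse_mode(fields[0])
        name = fields[-1]
        if kind not in "cb" or name in BENIGN:
            continue                 # only device nodes outside the allow-list
        world_r = bool(bits & stat.S_IROTH)
        world_w = bool(bits & stat.S_IWOTH)
        if world_r or world_w:
            findings.append({"node": "/dev/" + name, "mode": fields[0],
                             "world_read": world_r, "world_write": world_w})
    return findings

if __name__ == "__main__":
    for f in audit_dev_listing(SAMPLE_LS):
        print(f)
```

A finding on this node is a reason to install the vendor firmware rather than to strip the permissions by hand, since removing read and write access outright stopped the camera from working.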

Official Samsung response and available patches

Following pressure from the Android community and specialized media, Samsung published a firmware revision for the Galaxy S3 that closed the hole identified in ExynosAbuse. This update, referenced as XXELLA within Android 4.1.2 Jelly Bean, was distributed via OTA and began its phased deployment, reaching markets such as the United Kingdom and spreading to European countries such as Germany, Austria, Belgium, Hungary, Italy and Spain. If your device is still supported, it is recommended that you periodically check for patch availability in Settings > Software update > Download and install, making sure you have enough battery and a WiFi connection before starting the process.

The Android ecosystem demonstrates that security is dynamic: in addition to ExynosAbuse, there have been relevant vulnerabilities in components such as the Mali GPU (documented by Google Project Zero) and, in the Exynos family, flaws formally identified as CVE-2024-44068 that affect the Exynos 9820, 9825, 980, 850 and W920 chips. Samsung publishes monthly security bulletins that fix both common Android bugs and Galaxy-specific issues; if your device is old and no longer receives patches, it's essential to be extremely careful with the apps you install.

Manual patch installation on Galaxy S3 using ODIN (at your own risk)

For those who preferred not to wait for the OTA on the Galaxy S3 (GT-I9300 international), it was possible to manually install the I9300XXELLA firmware using ODIN. This method is intended for advanced users and involves risks (data loss or failure if incorrect files are used). Key recommendations:

  1. Make a complete backup and charge the battery above 80%. Install the Samsung drivers on the PC.
  2. Download the official firmware suitable for your model (.md5 file) and unzip it if necessary.
  3. Start the phone in Download Mode with the usual button combination (usually Power + Home + Volume Down, in some cases Volume Up), and connect it by USB.
  4. Open ODIN and check that the ID:COM port appears active. Make sure that Re-Partition is NOT checked; leave only Auto Reboot and F. Reset Time checked.
  5. Press PDA (or AP in newer versions) and select the .md5 file. If the package includes MODEM/CSC/PIT, load them into their slots; if not, leave them empty.
  6. Press Start and wait for the process to finish. The device will restart with the patch applied.

Those who opted for the fastest route in the community turned to Chainfire's app to root and, in addition, patch the exploit at a low level. Alternatively, Project Voodoo offered a reversible mitigation utility without the need for root. Remember: these unofficial solutions are effective, but they are used at your own risk and can affect system functions such as the camera if they disable access to /dev/exynos-mem in a blunt manner.

Good practices to minimize risk

To reduce your exposure to this and other bugs: install apps only from reliable sources; check the permissions they request; keep the system and the apps updated; and avoid downloading software from unknown sources. Samsung has addressed other incidents in the past, such as the “sudden death”, and publishes fixes on a regular basis, but the first line of defense is always user behavior.

Discovering an exploit can be helpful to the community and the advancement of the ecosystem, but it also opens the door to attackers. In the case of ExynosAbuse, the combined reaction of independent developers (XDA, Chainfire, Project Voodoo), projects like CyanogenMod and Samsung's official patch has contained the issue. If your device is still on the support list, check for the update; if not, take additional precautionary measures.

Security on Exynos phones is not limited to a single case: new security bulletins keep fixing critical vulnerabilities in Galaxy components and the Android chain. Update frequently from Settings > Software update and avoid installing APKs from outside the store unless you know exactly what you're doing. That way, even in scenarios where there are bugs like ExynosAbuse or identifiers like CVE-2024-44068, your actual exposure is kept under control.

