An XDA Developers forum member operating under the handle alephzain has created an exploit that obtains root privileges and enables malicious application installation on the many Samsung devices that contain Exynos 4210 and 4412 processors.
The list of devices that use the affected processors includes the Samsung Galaxy S II, Samsung Galaxy Tab 7.0 Plus, Samsung Galaxy Note, Samsung Galaxy Tab 7.7, Hardkernel ODROID-A, Meizu MX 2-Core, Cotton Candy by FXI Tech, ORIGEN 4 Dual, some Samsung Galaxy S IIIs, Samsung Galaxy Note 10.1, LenovoK860, Newman N2, Meizu MX4-Core, Hardkernel ODROID-X, ORIGEN 4 Quad, Samsung Galaxy Note II, and Meizu MX2.
Alephzain’s exploit can root any Exynos 4210 or 4412 device without requiring an Odin flash that most similar root exploits require, according to XDA’s Joseph Hindy.
In his explanation of the bug, Alephzain explains that the vulnerability could expose devices to malicious applications in the Play Store and allow for RAM dump, kernel code injection, and other possible problems.
Another XDA member, using the alias Chainfire, confirmed the vulnerability’s efficacy by creating an application called ExynosAbuse APK that uses the exploit to root vulnerable devices. The latest version of the application uses its newly gained root privileges and offers users the ability to disable the vulnerability at boot. XDA warns that choosing to do so may negatively impact camera applications on certain devices.