A suspected fault in how Samsung Electronics has implemented the Android's kernel in several of its devices could allow a malicious application to gain total control over the device.
The vulnerability was described on Saturday by the user "alephzain" on XDA Developers, a forum for mobile developers. It affects devices using the Exynos processor models 4210 and 4412. Alephzain wrote that the issue was a "huge mistake." (See also "Mobile Malware: It's bad now, but will be worse in 2012.")
By Sunday, another developer on the forum, Chainfire, had posted an Android application package (.apk) file that will successfully exploit the vulnerability.
"You should be very afraid of this exploit," Chainfire wrote. "Any app can use it to gain root without asking and without any permissions on a vulnerable device."
To read this article in full or to leave a comment, please click here


More...