Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is a pretty serious security risk and it's highly recommended to make yourself immune ASAP. This is the kind of exploit that can go viral very quickly in Google Play and the results of a malicious process with root access can be very severe.

If your device is rooted, here is a very simple app that will let you toggle world-access permissions to the file and secure your device (until a true fix is released)

https://github.com/Ryan-ZA/exynosfix

https://github.com/Ryan-ZA/exynosfix/raw/master/exynosfix.ap...



Here's another link I found which does not require root.

http://project-voodoo.org/articles/instant-fix-app-for-exyno...


Thanks.

I've shortlinked the apk at http://bit.ly/exynosfix to allow easier downloading on the phone itself.


Hm... I want to download it but it is a sideload APK and I'm too paranoid. Hope Google releases a fix ASAP


It's a sideload APK so that you know exactly what you're downloading. Google Play search can often give you malware with an identical seeming name and icon to real apps. Since this app requires root, it's very important to know exactly what it does - that is why it is OSS and I highly recommend anybody who knows Java to double-check that the app is non-malicious.

Relying on Google Play for a root-requiring app is not in any way a guarantee of safety - you can upload a malicious app to Google Play, and it can sometimes be as much as 24 hours before it is taken down.

Correct method is to download the source from github, verify it is correct, and compile and build your own version. Failing ability for you to do that, get someone you trust to verify the code, and failing that, try and make sure that there are no comments about the app being malicious.


Less vulnerable, but now my camera doesn't work. Is there any way to fix that besides waiting for the official update?


Could the camera app be wrapped with this in a way that r/w is restored when the camera is launched, and then removed again when closed (back-grounded, home-screen press, whatever)? I can't check the APK myself right now, but seems at least plausible.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: