CVE-2012-6422
Published: 2012-12-18
Priority: P349
Severity: critical, CVSS 2.0 base score 9.3 (vector AV:N/AC:M/Au:N/C:C/I:C/A:C)
EPSS: 15.16% (96.3rd percentile)
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.
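The weakness is entirely in the permission bits on a device node, so the practical check is a stat() of /dev/exynos-mem and a look at the "other" read/write bits; the mitigation is to strip those bits (root needed on a stock device). The C program below is an added example written for this page, not code from the original page and not ExynosAbuse or any vendor fix; the node path comes from the CVE text, the function names and the temp-file self-test are mine, and the self-test runs against a constructed /tmp file with mode 0666 so it can be exercised on any Linux host.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* The device node named in CVE-2012-6422. On affected Exynos 4210/4412
 * kernels it was created with mode 0666, so any unprivileged app could open
 * it and reach physical memory through it. */
#define EXYNOS_MEM_NODE "/dev/exynos-mem"

/* Pure check on a mode word: 1 if the "other" class can read or write. */
int mode_is_world_rw(mode_t mode)
{
    return (mode & (S_IROTH | S_IWOTH)) != 0;
}

/* Audit a path. Returns 1 if it exists and is world-readable or
 * world-writable (the vulnerable pattern), 0 if it exists with restrictive
 * permissions, -1 if it is absent (stat() failed), e.g. on a non-Exynos host. */
int check_node(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return mode_is_world_rw(st.st_mode);
}

/* Mitigation: strip group/other bits so only the owner (root) can open the
 * node. Needs root on a stock device. Returns 0 on success, -1 on failure. */
int restrict_node(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return chmod(path, st.st_mode & ~(S_IRWXG | S_IRWXO)) == 0 ? 0 : -1;
}

/* Exercise the audit against a constructed stand-in: a temp file deliberately
 * given mode 0666, then restricted. Returns 1 if the checker flagged the weak
 * mode and reported clean after the fix, 0 otherwise. Hypothetical helper for
 * this example; it does not touch the real device node. */
int selftest_on_tempfile(void)
{
    char tmpl[] = "/tmp/exynos-mem-demoXXXXXX";
    int ok = 0;
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return 0;
    if (fchmod(fd, 0666) == 0 &&
        check_node(tmpl) == 1 &&      /* weak permissions detected */
        restrict_node(tmpl) == 0 &&
        check_node(tmpl) == 0)        /* restricted after the fix */
        ok = 1;
    close(fd);
    unlink(tmpl);
    return ok;
}

int main(void)
{
    int r = check_node(EXYNOS_MEM_NODE);
    if (r == -1)
        printf("%s: not present on this host\n", EXYNOS_MEM_NODE);
    else
        printf("%s: %s\n", EXYNOS_MEM_NODE,
               r ? "WORLD-ACCESSIBLE (CVE-2012-6422 pattern)" : "restricted");
    printf("self-test on constructed temp file: %s\n",
           selftest_on_tempfile() ? "pass" : "fail");
    return 0;
}
```

Two caveats for anyone using this on a real device: a clean result from check_node() only says the node is no longer world-accessible, not that the kernel has been patched (a vendor kernel update is the real fix), and tightening the node by hand was reported to break userspace that legitimately used it (camera on some models), which is why the reversible fix apps in the references existed.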
No detection rules found.
No public exploits indexed.
Fortinet, FortiGuard Labs Threat Research: "Unmasking Android Malware: A Deep Dive into a New Rootnik Variant, Part II", by Kai Lu, 2017-07-09.
In part I of this blog, I finished the analysis of the native layer of a newly discovered Rootnik malware variant, and got the decrypted real DEX file. Here in part II, we will continue our analysis.
A look into the decrypted real DEX file
The entry of the decrypted DEX file is the class demo.outerappshell.OuterShellApp. The definition of the class OuterShellApp is shown below.
Figure 1. The class demo.outerappshell.OuterShellApp
We will first analyze the function attachBaseContext(). The following is the function aBC() in the class LinkInnerShell.
Figure 2. The function aBC() in the class LinkInnerShell
The program uses DexClassLoader to dynamically…
Fortinet, FortiGuard Labs Threat Research: "Deep Analysis of Android Rootnik Malware Using Advanced Anti-Debug and Anti-Hook, Part II: Analysis of The Scope of Java", by Kai Lu, 2017-01-26.
In part I of this blog we finished the analysis of the native layer and got the decrypted secondary dex file. Here in part II we will continue to analyze it. For the sake of continuity, we will maintain continuous section and figure numbers from part I of the blog.
IV. The secondary dex file
The following is the decrypted file, which is a jar format file. It is loaded dynamically as the secondary dex via the multidex scheme.
Figure 25. The decrypted secondary apk file containing the dex file
After decompressing the file "decrypt.dump," you can now see a file named "classes.dex" located in the folder.
Next, l…
References:
http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/
http://forum.xda-developers.com/showthread.php?p=35469999
http://forum.xda-developers.com/showthread.php?t=2051290
http://osvdb.org/88467
http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible
http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/
http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices