alephzain explains that the Exynos device file in the kernel
/dev/exynos-mem allows read/write permissions to all users. Many have suggested that a simple fix would be to change the permissions to chmod value 0660 or 0600. Though forum member AndreiLux suggest that this may disrupt camera services on the device and a better solution involving “limit[ing] the access to the DMA memory spaces”
Then …. yes, 🙂 a point and click exploit APK program has been made to allow users to run the exploit and obtain super user privileges. It also allows you to patch the exploit and un-patch it as well. The APK file has been posted on the XDA-Developers thread, authored by Chainfire.
On a side note, the name “alephzain” kind of translates to “thousand good” or “a thousand good things” 🙂
** EDIT **
Just used Chainfire’s exploit APP. Works like a charm on my Samsung Galaxy S3! Now I can use the firewall to block apps from getting ads.
There seems to be a vulnerability in TouchWiz, Samsung’s touch interface. It appears that the "tel" type in the "<a>" tag will not prompt you for confirmation if the number being dialed is a system command.
For instance, because we love humor and the misfortune of others, we have this HTML page:
<html> <head></head> <body> <a href='tel:*2767*3855%23'>Click here for customer support</a> </body> </html>
When our dear friend on their Samsung device clicks the link, they will hard-reset their phone with no confirmation. It seems that it will only prompt you if the number is one that will cost you $$$ for making a call.
WARNING – Feeling adventurous and want to try it out on your self? Do it at your own risk, it will erase all data on your phone and revert it to factory settings.
Some crazy iPhone fanboi is offering up the link for all to click on 🙂
***** UPDATE *****
The H-Online reported that there is a new app on the Google Play that will intercept and prevent hard-resets from the above exploit. The app is called NoTelUrl developed by Jörg Voss.