konstantine
09-07-15, 06:15
----------- [ Android Browser 4.0.x-4.3.x remote2local exploit ] ---------------
--------------------- [ Compatibility list and tests ] -------------------------
The remote2local exploit is compatible with the stock Android Browser
from version 4.0 to 4.3. The devices and versions tested are shown in the table
below.
R2L = Remote to Local
L2R = Local to Root
YES = exploit working reliably
NO = exploit not working or working very unreliably
| Device | Version | R2L | L2R | Notes |
| Alcatel One Touch | 4.1.1 | YES | YES | |
| CAT B15 | 4.1.2 | YES | YES | |
| HTC One | 4.x | NO | ? | (1) |
| LG G2 | 4.2.2 | YES | YES | |
| LG Nexus 4 | 4.2.2 | YES | YES | |
| Samsung Galaxy Nexus | 4.0.4 | YES | YES | |
| Samsung Galaxy Nexus | 4.3 | YES | YES | |
| Samsung Galaxy Note | 4.1.2 | YES | YES | |
| Samsung Galaxy Note 2 | 4.1.1 | YES | YES | |
| Samsung Galaxy S2 | 4.0.4 | YES | YES | |
| Samsung Galaxy S3 | 4.3 | YES | NO | |
| Samsung Galaxy S3 Mini | 4.1.1 | YES | YES | |
| Samsung Galaxy S4 Mini | 4.2.2 | NO | NO | (2) |
| Samsung Galaxy Tab 2 7.0 | 4.0.3 | YES* | YES | (3) |
| Samsung Galaxy Tab 2 7.0 | 4.1.2 | YES* | YES | (3) |
| Huawei Ascend Y530 | 4.3 | YES | NO | |
(1): Versions up to 4.4.3 are vulnerable but due to phone
peculiarities the browser might not be exploitable
(2): This phone runs a patched version of the browser and is therefore
not vulnerable
(3): Exploitation is not very reliable
--------------------- [ Compatibility list and tests ] -------------------------
The remote2local exploit is compatible with the stock Android Browser
from version 4.0 to 4.3. The devices and versions tested are shown in the table
below.
R2L = Remote to Local
L2R = Local to Root
YES = exploit working reliably
NO = exploit not working or working very unreliably
| Device | Version | R2L | L2R | Notes |
| Alcatel One Touch | 4.1.1 | YES | YES | |
| CAT B15 | 4.1.2 | YES | YES | |
| HTC One | 4.x | NO | ? | (1) |
| LG G2 | 4.2.2 | YES | YES | |
| LG Nexus 4 | 4.2.2 | YES | YES | |
| Samsung Galaxy Nexus | 4.0.4 | YES | YES | |
| Samsung Galaxy Nexus | 4.3 | YES | YES | |
| Samsung Galaxy Note | 4.1.2 | YES | YES | |
| Samsung Galaxy Note 2 | 4.1.1 | YES | YES | |
| Samsung Galaxy S2 | 4.0.4 | YES | YES | |
| Samsung Galaxy S3 | 4.3 | YES | NO | |
| Samsung Galaxy S3 Mini | 4.1.1 | YES | YES | |
| Samsung Galaxy S4 Mini | 4.2.2 | NO | NO | (2) |
| Samsung Galaxy Tab 2 7.0 | 4.0.3 | YES* | YES | (3) |
| Samsung Galaxy Tab 2 7.0 | 4.1.2 | YES* | YES | (3) |
| Huawei Ascend Y530 | 4.3 | YES | NO | |
(1): Versions up to 4.4.3 are vulnerable but due to phone
peculiarities the browser might not be exploitable
(2): This phone runs a patched version of the browser and is therefore
not vulnerable
(3): Exploitation is not very reliable