Rashek writes:
"The developers of Replicant, a pure Free-Software version of Android, claim to have discovered a security flaw in certain Samsung Galaxy phones and tablets . One so serious that it could potentially grant an attacker remote access to the device's file system.
The flaw lies in the software that enables communication between the Android OS and the device's radio modem, according to the Replicant project's Paul Kocialkowski. More information can be found at replicant's website."
(Score: 3) by Open4D on Thursday March 13 2014, @12:01PM
It seems from the Replicant webpage that the starting directory for access is /efs/root/ I don't know what this is exactly but it seems to be the kind of thing that the radio modem possibly should be able to get to.
But Replicant have used "../.." as a circumvention measure. So they can get access to path /data/radio/test using a request for this: ../../data/radio/test"
If the Samsung coder claimed to have mistakenly not accounted for the awesome power of "../.." - I would just about find that plausible - albeit with a heavy heart.