!!! ⇒ The remote infection works only if the exploit is working reliably for both "Remote to Local" and "Local to Root".
Device
|
Version
|
Remote to Local
|
Local to Root
|
Notes
|
Alcatel 4030D One Touch
|
4.1.1
|
YES
|
YES
|
|
CAT Compal B15
|
4.1.2
|
YES
|
YES
|
|
HTC One
|
4.4.3
|
NO
|
YES
|
Versions up to 4.4.3 are vulnerable but due to firmware customizations the browser might not be exploitable.
|
HTC Vision
|
2.3.3
|
NO
|
|
|
HTC Nexus One
|
2.3.6
|
NO
|
|
|
Huawei Ascend G6-U10
|
4.3
|
YES
|
YES
|
|
Huawei Ascend Y530
|
4.3
|
YES
|
YES
|
|
Huawei G730
|
4.3
|
YES
|
NO
|
Tested by customer.
|
Huawei P6-U06
|
4.2.2
|
YES
|
YES
|
|
Huawei P7-L10
|
4.4.2
|
NO
|
NO
|
|
LANIX ILIUM S220
|
4.2.2
|
NO
|
?
|
Tested by customer.
|
LG D405 L90
|
4.4.2
|
NO
|
YES
|
|
LG G2
|
4.2.2
|
YES
|
YES
|
|
LG P970
|
2.3.4
|
NO
|
YES
|
|
LG Nexus 4
|
4.2.2
|
NO
|
YES
|
|
|
4.3
|
NO
|
YES
|
|
LG Nexus 5
|
5.0.1
|
NO
|
NO
|
|
Motorola Nexus 6
|
5.0.1
|
NO
|
NO
|
|
Motorola XT1068
|
4.4.4
|
NO
|
NO
|
|
Motorola XT910
|
2.3.6
|
NO
|
|
|
Oppo X9007
|
4.3
|
YES
|
NO
|
Tested by customer.
|
Samsung GT-I9060
Galaxy G Neo
|
4.2.2
|
YES
|
?
|
The local2root exploit does NOT work on phones updated in 2014 or later.
|
Samsung GT-I9082L
Galaxy Grand Duos
|
4.2.2
|
YES
|
NO
|
Tested by customer.
|
Samsung GT-I9118
Galaxy Grand Duos
|
4.2.2
|
YES
|
NO
|
Tested by customer.
|
Samsung Galaxy Nexus
|
4.0.4
|
YES
|
YES
|
|
|
4.3
|
YES
|
YES
|
|
Samsung GT-N7000
Galaxy Note
|
4.1.2
|
YES
|
YES
|
|
Samsung GT-N7100
Galaxy Note 2
|
4.1.1
|
YES
|
YES
|
|
|
4.4.2
|
YES
|
YES
|
This phone uses a lucky firmware which runs an
unpatched version of Android Browser despite being version 4.4.2. This
is the ONLY instance we found of a 4.4.* phone which is still vulnerable
to this exploit.
|
Samsung GT-I9300
Galaxy S3
|
4.3
|
YES
|
YES
|
There are multiple editions and local versions of this phone, some of which may be not compatible with the exploits.
|
Samsung GT-I8190
Galaxy S3 Mini
|
4.1.1
|
YES
|
YES
|
|
|
4.1.2
|
YES
|
?
|
The local2root exploit does NOT work on phones updated in 2014 or later.
|
Samsung GT-I8260
|
4.1.2
|
YES
|
NO
|
Tested by customer.
|
Samsung Galaxy S4 Mini
|
4.2.2
|
NO
|
NO
|
This phone runs a patched version of the browser and is therefore not vulnerable.
|
Samsung Galaxy Tab 2 7.0
|
4.0.3
|
YES*
|
YES
|
Exploitation is not very reliable.
|
|
4.1.2
|
YES*
|
YES
|
Exploitation is not very reliable.
|
Samsung GT-I9000
Galaxy S
|
2.3.3
|
NO
|
|
|
|
2.3.6
|
NO
|
|
|
Samsung GT-I9100
Galaxy S2
|
4.0.3
|
YES
|
YES
|
|
|
4.0.4
|
YES
|
YES
|
|
|
4.1.2
|
YES
|
YES
|
|
Samsung GT-I9505
Galaxy S4
|
4.4.2
|
NO
|
?
|
The local2root exploit does NOT work on phones updated in 2014 or later.
|
Samsung GT-P5200
Galaxy Tab 3 10.1
|
4.2.2
|
NO
|
?
|
Tested by customer.
|
Samsung GT-S5570
|
2.3.6
|
NO
|
|
|
Samsung GT-G900F
Galaxy S5
|
4.4.2
|
NO
|
?
|
The local2root exploit does NOT work on phones updated in 2014 or later.
|
Samsung GT-N9005
Galaxy Note 3
|
4.4.2
|
NO
|
?
|
The local2root exploit does NOT work on phones updated in 2014 or later.
|
Samsung GT-P5100
Galaxy Tab 2 10.1
|
4.2.2
|
YES
|
YES
|
Tested by customer.
|
Samsung GT-S7580
Galaxy Trend Plus
|
4.2.2
|
YES
|
NO
|
Tested by customer.
|
Samsung GT-S7582
Galaxy S Duos 2
|
4.2.2
|
YES
|
NO
|
Tested by customer.
|
Samsung R830
Galaxy Galaxy Axiom
|
4.2.2
|
NO
|
?
|
Tested by customer.
|
Samsung SHV-E210K
Galaxy S3 Korean
|
4.3
|
YES
|
NO
|
Tested by customer.
|
Samsung SHV-E250S
Galaxy Note 2 LTE Korean
|
4.3
|
YES
|
NO
|
Tested by customer.
|
Samsung SM-G357FZ
Galaxy Ace 4/Style
|
4.4.4
|
YES
|
NO
|
Tested by customer.
|
Sony D2303 Xperia M2
|
4.4.2
|
NO
|
YES
|
|
Sony Ericsson LT18i
|
2.3.4
|
NO
|
|
|
Xiaomi Mi3
|
4.3
|
NO
|
YES
|
Exploitation is not reliable on this firmware. It might work in some cases.
|
ZTE Nubia Z5S Mini LTE
NX404H
|
4.3
|
YES
|
NO
|
Tested by customer.
|
- YES = exploit is working reliably.
- NO = exploit is not working or is working very unreliably.
See also: Available Exploits - Android