Thanks to XDA-Developer forum user alephzain, word is reaching the masses that a potential “severe vulnerability” exists in the Samsung Galaxy S III, Galaxy S II and Galaxy Note II along with several other Samsung devices. This vulnerability could provide a malicious way for remotely downloaded apps to read user data, brick phones and perform other malicious activities. In other words, this hole could allow a malicious app free reign over your smartphone’s memory, and basically take complete control of your device. Prepare tin foil hats.
“The good news is we can easily obtain root on these devices and the bad is there is no control over it,” alephzain writes.
Another XDA-Developer user, supercurio says Samsung has been notified of the security hole, but had not yet acknowledged the issue. That is until this morning when Samsung dropped word to Android Central that they are “currently in the process of conducting an internal review” in reference to the security hole. Supercurio says the potential exists for millions of devices to be in harms way, especially those with Exynos 4210 and 4412 processors that use Samsung code. Another XDA user, Entropy512 adds “this exploit changes things — there is a no root exploit that can be used by an app straight from the market, in the background, with little to no user intervention.”
At the time, we’d say go about your business and let Samsung do its thing and hope that this suspected security hole isn’t around for long.
Note: The Samsung Galaxy S III on T-Mobile uses a Qualcomm chip, so it won’t be affected, nor will the Galaxy S II, but the Note II does use an Exynos processor.
XDA Developers via The Verge, Android Central