Exploit found to affect Samsung Galaxy S III and others, could allow malicious apps to grab user data

Alex Wagner
Editorial Director of News and Content from  Omaha, NE
| December 16, 2012

Samsung Galaxy Note II rear

Heads up, owners of Samsung Exynos-based Android handsets, because a new exploit has been discovered on some Exynos 4 products that has the potential to do some nasty stuff. XDA-developers forum member alephzane has discovered a vulnerability that could allow malicious apps to access a device's physical memory and do things like read user data or brick some hardware. It's suspected that the exploit could affect devices that have an Exynos 4210 or 4412 processor and a Samsung kernel source.

Another XDA user by the name of Chainfire has created an .apk file that utilizes the ExynosAbuse security hole to gain root privileges and install the SuperSU software on a device. So far the file has been found to be compatible with the international versions of the Galaxy S II, S III, Note, Note II, and Note 10.1, as well as Verizon's Note II.

Samsung has yet to officially comment on this vulnerability, but XDA user Chainfire says that the forum thread concerning the exploit has been flagged for Samsung engineers to read, and user supercurio claims that some people at Samsung are now aware of the issue. As always, users should exercise caution when downloading apps from Google Play and try to stick to software from trusted sources. We'll give you a shout once more information about this vulnerability and a possible fix comes out.

Via The Next Web, XDA-developers (1), (2)