User alephzain at xda-developers reported yesterday that a severe vulnerability in the Samsung Galaxy S III, Galaxy S II, Galaxy Note II, and potentially several other devices, could give remotely downloaded apps the ability to read user data, brick phones, or perform other malicious activities. "The good news is we can easily obtain root on these devices and the bad is there is no control over it," alephzain writes. While many vulnerabilities that pop up require physical access to a phone, multiple developers indicate that this newly-identified issue is far more severe, since it could allow apps downloaded from the Google Play Store an easy way to exploit the devices.
According to xda-developers user supercurio, Samsung has been made aware of the security hole, but the company has not publicly acknowledged the issue. It's not clear what the risk is for users at this point — the vulnerability appears to only now be gaining publicity — but supercurio notes that "millions of vulnerable devices are out there now." (The vulnerability is suspected to potentially affect all devices with Exynos 4210 and 4412 processors that use Samsung code.) User Entropy512 adds that "this exploit changes things — there is a no root exploit that can be used by an app straight from the market, in the background, with little to no user intervention." We have reached out to Samsung for comment and will update you if the company responds.
Update: Samsung has notified Android Central that it is "currently in the process of conducting an internal review" in regard to the security hole. We'll update you if we receive any additional answers from the company about the issue, or its progress in addressing it.