Samsung Promises Software Update As Quickly As Possible For Exynos Vulnerability

Samsung has confirmed recent reports of a security vulnerability that affects Exynos-equipped handsets, such as the Galaxy S II, Galaxy S III and Galaxy Note II. In a statement issued to AndroidCentral, the company acknowledged the “potential security issue” relating to the Exynos processor and promises to release a software patch, however a release timeframe has yet to be announced.

[quote]Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible. The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications. Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices.[/quote]

The flaw, discovered by developers on the XDA Developers forum, left certain Exynos-powered devices vulnerable to malicious apps that could steal personal data, wipe data, and even brick handsets. It affected a number of Samsung’s own devices — including the hugely popular Samsung Galaxy S III, and the Samsung Galaxy Note II — plus some third-party handsets as well.

One of the developers at XDA forum, named Chainfire has already released an app based on the kernel exploit. “ExynosAbuse,” the newly released 1-click APK, uses the exploit in question to root a device with just a single click of a button.

On the flip side, alephzain pointed out that RAM dump, kernel code injection and other possible harms could be possible via app installation from the Play Store. Although there are many ways to inflict harm, Samsung has just provided yet another easy way to exploit, making the security hole more dangerous and exposing the phone to malicious apps

We will be looking out for more news on Samsung’s fix for its top Galaxy handsets – stay with us.