Devices running Samsung’s Exynos 4-based processors (4210 and 4412) including the Galaxy S III and Galaxy Note II have been shown to be vulnerable to a hack with potentially serious ramifications. A developer on the XDA Developers forum @alephzain uncovered the vulnerability, which could give a malicious app the ability to wipe data, brick a device or access a user’s data without their knowledge.
Devices that are vulnerable to attack appear include any device that runs the Exynos 4-based designs, coupled with Samsung’s kernel sources. This means that devices including the Meizu MX are also vulnerable to the same exploit along with other Samsung devices. Although no known software uses the exploit maliciously, a senior moderator on the XDA Developers forum @Chainfire has written an APK exploiting the loophole gaining root priveleges “on any Exynos 4-based device.”
Another programmer @Supercurio has released a quick fix through Project Voodoo that closes the hack, however, it will depend on Samsung to ensure that the gaping security hole is properly. XDA Developers have contacted Samsung about the matter and report that the company is aware of the issue. However, Samsung had yet to publicly acknowledge the issue at the time of writing.
Samsung Galaxy S III security fix reportedly rolling out to UK users
On 2nd January, Samsung pushed a software update (I9300XXELLA) to the Galaxy S III and we can confirm that the new software update fixes the infamous Exynos 4 vulnerability. The security flaw was in the kernel which made the device R/W by all users, apps and gave access to full Physical Memory. In short, this vulnerability gave root permissions to *any* app and there was no control over it but now with the new system update the security hole has been patched.
We believe that the new system update also fixes the sudden death issue as the new firmware ships with brand new bootloaders and this is the first time Samsung has updated the bootloaders of the device since it started shipping back in May 2012. But, we can’t confirm if sudden death issue has been resolved or not as Samsung is the only one who can confirm about the fix.
For now the new software update is only available for the United kingdom (BTU) but we expect other countries to follow soon. We would urge Galaxy S III users to immediatly update their device to the latest firmware via Kies or OTA (Over-The-Air).
- Official Firmware Details:
Android Version: 4.1.2 – Build JZO54K
Build Date: 22-12-12
Change list: 742798
Source: Sam Mobile