A security vulnerability affecting Samsung devices has recently been discovered by members of the XDA Developers forum. According to the information posted on the forum, all Samsung devices with an Exynos chip may be affected by this including the Samsung Galaxy Note 2, Samsung Galaxy S2, Galaxy Note 10.1 and others.
It is a kernel vulnerability that provides attackers with root and read and write access to all physical memory. If that would not be bad enough, it can be exploited by malicious apps that get installed via Google's Play store or by sideloading them to the device. No root or modification is necessary for this to happen, which effectively means that any specifically prepared application can exploit the vulnerability on affected phones.
What makes this vulnerability that dangerous is that it can be exploited by applications users install straight from Google Play, and that users may not even become aware of what is happening in the background after they have installed the app on their phone.
Samsung phones owners who use a phone with an Exynos chip need to take extra care when they install apps on their phones. It is highly suggested to only install applications from trusted sources and even there, double and triple check before the app is installed.
Forum members are already working on temporary fixes that protect Samsung devices from exploits of the vulnerability and quick patches seem to protect rooted Samsung phones already.
According to information posted on the forum, Samsung has been notified about the issue. There has been no reaction so far though.
Update: Exynos Abuse has been released on the forum which uses the security vulnerability to gain root privileges to installer SuperSu on devices. It then allows you to disable the exploit or re-enable if in case you do need it again. Note that it may break the phone's camera and the developer notes that this is a workaround and not an actual fix.
Please note that there is always risk involved when installing applications on your phone, and especially so if you install them from third party sources.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.