New Exploit Discovered In Galaxy S III, Galaxy Note II Offers User Data To Malicious Android Malware Based Apps

If you prefer your mobile operating experience to be of the Android variety and always opt to let Korean based Samsung handle your hardware requirements then the discovery of a new exploit within certain Samsung devices should be more than enough to peak your interest. The vulnerability in the Samsung hardware has been discovered by a keen-eyed developer over at the XDA Developer forums and has been classified as being at the kernel level that allows malicious applications to gain access to all physical memory on the affected device.

The idea of malware and malicious applications is nothing new on the Android platform and there has been a number of reports carried out with the aim of looking through popular apps on the Play Store to see just what percentage actually pose a risk to end-users who unwittingly download and install the software. However, this latest find is a little more sinister and actually exists within the hardware itself. The developer in question was able to use the vulnerability to root his Samsung Galaxy S III smartphone but also concedes that the issue can be found in a variety of Samsung devices that contain Exynos processors.

Information about the vulnerability has already been fed back to Samsung engineers in the hope that they can react and potentially fix the issue if possible but that hasn’t happened before a separate developer managed to create a fully working APK that is able to take advantage of the exploit to root a number of affected Samsung devices. The Galaxy S II, Galaxy S III, Galaxy S III LTE, Galaxy Note and Note II and Samsung Galaxy Note 10.1 are all said to be affected and can be rooted used the APK.

s3_crimson

The good news – if you can call it that – is that devices like the Nexus 10 are safe and aren’t vulnerable to this issue due to the fact that they are powered by an Exynos 5 processor rather than a fourth series chip that sits in all of the other problematic devices. Users of the affected devices shouldn’t really be hitting the panic alarms just yet as there hasn’t been any reports of malicious apps that are capable of exploiting this issue to steal sensitive data or brick the device but the hope is that we can get some official word from Samsung before that actually happens.

A temporary unofficial fix has been made available, details of which can be found here. We are still waiting for Samsung to respond to this, and make an official patch available for all the above mentioned devices.

(Via TheNextWeb)

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the web.