Samsung working to patch Galaxy smartphone vulnerability

The company issued a statement to Android Central acknowledging the issue and saying that it was already aware of it. Samsung added that it has found that exploiting the vulnerability requires a specially coded malicious application, so scattershot threats from common malware are not the problem.

“Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible,” it said. “The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications. Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices.”

The issue stems from the smartphones’ kernel and Exynos processor. Essentially, a Samsung Play Store app could potentially inject malicious code directly into the kernel and compromise information stored in the phone’s RAM. After gaining access to physical memory through the app, attackers could steal user data, or could go the trickster/ransomware route, wiping data and bricking devices.

Samsung has sold more than 30 million Galaxy S III and II, Galaxy Note II, the Meizu MX, and possibly other devices that feature the Exynos processor and Samsung kernel sources.
 
