Samsung patches Galaxy Exynos flaw

The vulnerability, discovered just before the holidays, would allow a Samsung Play Store app to inject malicious code directly into the device kernel to compromise information stored in the phone’s RAM. After gaining access to physical memory through the app, attackers could steal user data, or could go the trickster/ransomware route, wiping data and bricking devices.

Unfortunately, XDA Developers forum member Alephzain quickly developed an exploit for the issue. But Samsung acknowledged the problem quickly, vowing to “provide a software update to address it as quickly as possible,” and noting that users were not at risk unless they downloaded unauthorized apps.

According to Samsung community site SamMobile, UK customers were pushed the 19300XXELLA update resolving the vulnerability over-the-air and via the PC-sync app Kies starting this week. Other users around the world, however, will have to wait. “For now the new software update is only available for the United Kingdom (BTU) but we expect other countries to follow soon,” the site noted.

As for the sudden death problem, the patch also updates the bootloader, giving users hope of a cure. “We believe that the new system update also fixes the sudden death issue as the new firmware ships with brand new bootloaders and this is the first time Samsung has updated the bootloaders of the device since it started shipping back in May 2012,” SamMobile noted.

Samsung has sold more than 30 million Galaxy S III and more than 5 million Galaxy Note II handsets in the past year. The issue also exists on the Samsung Galaxy S II, the Meizu MX and other devices that feature the Exynos processor and Samsung kernel sources.