Samsung is yet again in the spotlight with a new, potentially dangerous, security flaw. A developer revealed an exploit at kernel level that allows access to the entire physical memory on a number of popular Exynos-based devices, including the Galaxy S III and Galaxy Note II.
Thankfully, a developer behind the SuperSU rooting tool, came promptly to the rescue and released an app which can be used by affected users to temporarily plug the security hole.
The exploit could potentially allow any malicious app to gain rooting privileges on affected devices without requesting elevated permissions from the user. The app, which is interestingly titled ExynosAbuse, takes a similar approach but it does so to plug the security hole. It enables root on targeted devices however, unlike malware, the SuperSU app is also installed in order to manage future requests for elevated privileges. But there is a down side -- it may break the camera.
As a result the developer behind ExynosAbuse allows users to also enable the exploit when they want to take a picture or record a video. It can hardly be considered an ideal solution, but until Samsung issues an official fix, the app is the safest bet. The compatible devices include the Galaxy S II (codename "I9100"), Galaxy S III (codename "I9300", "I9305"), Galaxy Note II (codename "N7100", "N7105", "SGH-I317", SCH-I605"), Galaxy Tab Plus (codename "P6210") and Galaxy Note 10.1 (codename "N8000", "N8010", "N8013" and "N8020").
The flaw in the kernel's security was uncovered through a common practice among modders. The developer that found it was looking into a method of obtaining rooting privileges on the Galaxy S III without using ODIN to flash the needed files. According to his findings, all devices based on the Exynos 4210 and 4412 chipsets could be potentially affected, but there is no specific list provided at the moment.
The Google Nexus 10, which also sports an Exynos chipset (albeit an Exynos 5 type), is considered unaffected. Also, according to the developer behind the app not all Gingerbread firmwares for the above mentioned devices (where applicable) include the security exploit. He stated that "several SGS2 GB firmwares" are unaffected, but did not provide further details. It's safe to assume that installing the app is recommended.