A vulnerability created by Samsung’s Exynos processor may create opportunities for malware to take over, brick, wipe data, or steal information on smartphones with Samsung’s ARM-based Exynos CPUs, including the flagships Galaxy S3 and Galaxy Note 2 smartphones and phablets. In addition to Samsung, other smartphone manufacturers, such as Meizu with the Meizu MX, also uses the Exynos CPU in their devices.
The vulnerability was originally discovered by XDA-Developers forum member alephzain and was reported by The Next Web. The hacker tested his vulnerability on his Galaxy S3, but says that the issue extends to devices using the Exynos CPU. The vulnerability has been tested and exploited by other XDA members.
It should be noted that U.S. variants of the Galaxy S3 would not be at risk from this particular vulnerability as these devices do not utilize Samsung’s CPUs. When the devices were announced and released, U.S. LTE networks were incompatible with Samsung’s processor, so Samsung created separate variants for this market with Qualcomm’s dual-core Snapdragon S4 CPU. The Galaxy Note 2 in the U.S., however, are still at risk as Samsung had worked out LTE network compatibility issues when that device was announced for the U.S. and was able to place its quad-core Exynos CPU inside the U.S. variants of the Galaxy Note 2.
While Exynos in general is affected, it appears that the latest Exynos 5 CPU found on the Samsung-made, Google-branded Nexus 10 tablet is not affected by this discovered vulnerability.
Samsung has been reportedly made aware of the issue and has yet to offer an official statement.
Additionally, it’s also been reported that a user-made patch also exists to fix the vulnerability and help to prevent malware from taking over the Exynos-powered devices. You can read more about the patch made by Supercurio and install it if you do not want to wait for Samsung.