Yet another security threat was found by the Android developer community that affects the Galaxy S3, Note 2, Galaxy S2 and the Meizu MX. This exploit was also found to work on any device running the Exynos 4210 or 4412 processor. So what is this exploit? Well it makes for an easy root, but leaves the devices open for attack. Allowing for kernel code injections and RAM dumps from Malware apps that can be installed from the Google Play Store. According to XDA user Alephzain who found the exploit.
But luckily the developer community is quick with things like this and have already found a fix. Thanks to XDA user RyanZA, there is already a patch to modify these permissions on all the affected devices. But the only downside is that users have confirmed that this fix cripples the camera on all these devices. So far Samsung has not made a comment on this security flaw on most of their flagship devices, but we expect to hear something soon from them.
As we said this does affect all devices using the Exynos 4210 or 4412 processor, which are primarily Samsung devices, and newer ones at that. Members in the XDA forums have said that the issue has been reported to Samsung. And the amount of media coverage it’ll get in the coming hours will almost force Samsung to comment very soon.
If you’re one of those millions of people out there with the Galaxy Note 2, Galaxy S2 or 3, or the Meizu MX or some other device running on the Exynos 4210 or 4412 processor, and you’re rooted. Be careful with what your downloading from the Play Store. As we’ve said before, always check the reviews before downloading and see what others think about the app. If it’s got some pretty bad reviews you’ll want to leave it in the Play Store.
Update: Thanks to Supercurio, there’s now a non-root fix that you can apply to your device to fix this exploit. It’ll let you know if your device is vulnerable and then close it if it is. And most of all it “doesn’t modify your system, copy files, or flash anything”. You can turn the fix off and on as you choose, which is great since it messes with the front-facing camera. It also could mess with the HDMI output for some devices, but we aren’t 100% sure. So here’s a temporary fix for those that aren’t rooted, and hopefully Samsung will get an update out to fix this exploit ASAP.
Source: XDA-Developers (1), (2)