Android Central

A Samsung spokesperson has given Android Central an updated statement on its plans to fix the recently-discovered Exynos kernel vulnerability issue. In today's update, the company has indicated that it's aware of the problem and is preparing to move forward with software updates to remedy the situation on affected devices "as quickly as possible." Samsung also confirms what we already knew about the nature of the exploit, specifically that a specially-coded malicious app is required to take advantage of it. (As we mentioned a few days back, if you're not downloading sketchy apps, you probably don't have much to worry about.)

Here's Samsung's statement in full --

Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.

The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications.

Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices.

The exploit, which was discovered over the weekend, could give a malicious app to free reign over an affected device's RAM, allowing it to take complete control of the device. Over the weekend, popular phones like the Galaxy Note 2 and international Galaxy S3 and Galaxy S2 were found to be vulnerable to the exploit. Given that sales of those devices are measured in the tens of millions, it isn't surprising to see a swift response from the manufacturer.

In the meantime, there are third-party fixes already available for those worried about falling foul of malware based upon this vulnerability.

 

Reader comments

Samsung to fix Exynos vulnerability in software update 'as quickly as possible'

6 Comments

Not really, while the statement contradicts it, it was technically possible to spread through legitimate play store apps.

So either Samsung is casually ignoring the truth, or they're doing a bit of spin because Google probably updated their bouncer and malware scanning stuff to detect and block said apps.

Either way, the exploit is only a few days old, so noone is neccessarily affected at all, which of course makes your statement rather silly.

I'm sure you are much more familiar with these issues than I am, but from a casual reader, of which I am, here's the line in the article that captured my attention:

(As we mentioned a few days back, if you're not downloading sketchy apps, you probably don't have much to worry about.)

To imply the other posters statement was "rather silly" seems a bit over the top?

The article isn't necessarily incorrect in that part, Google does have security on the Play Market, so it may be that Google was on the ball and closed down this exploit very quickly.

But even so, sketchy apps do not mean pirated apps, but my point was really just that the exploit barely 3 days old by now, and we have absolutely 0 confirmation of the exploit even being used yet (except those protection/root apps).

So it's a bit silly in the case that i think it's kind of jumping the gun.