Exynos security fail

Samsung has started pushing out an update for the Exynos security issue for users in the UK. You might remember, there is a critical "bug" in the Exynos 4210 and 4412 powered Samsung phones including the world versions of the Galaxy S3 and other models. This bug allows any application to read the devices RAM, leading to all sorts of potential mischief. 

A third party patch was quickly made available by Supercurio that fixed the issues, and Samsung told us they would be addressing the situation as quickly as possible. For folks in the UK using a Galaxy S3, it appears that means right now. 

The update is 4.1.2 (build JZO54K) and was signed off on December 22. It's available as an over the air update, and is currently rolling out. Remember, you need to be running all stock software to accept and install any OTA updates, this one included.

There's also some speculation that this update will fix the seemingly random issue of hardware failure in the Galaxy S3 main boards, but I think it's a bit too early to suggest this. The fix to the Exynos exploit, however, is included in this update. No word on when to expect updates for other areas where folks are still in need of this critical patch, or other phones that need this update. 

Via: SamMobile


Reader comments

Samsung pushing update to fix Exynos security exploit


Let's see how long this takes to get to the AT&T Note 2. My guess is a while, hopefully it goes smoother than this multi-Window 4.1.2 update that is a complete mess.

With there having to be so many variants of devices for the US market, it must be tough to drive updates through the carrier acceptance process.
Of course, Samsung should take their share of the blame, if they didn't deliberately make a hundred and one different devices in the first place, and then have to customise them for every carrier, they'd be better able to keep up!

Wait, did I read the article right saying that build JZO54K is the build that fixes the vulnerability? Can that be clarified? (because according to my updated Note 2 on AT&T, it is running build JZO54K...)

That is the ATT multiview update which I updated to the first day it was released. I just rooted my GN2 using the exynos abuse exploit apk so that update did not patch the vulnerability in exynos in the GN2.

Both the 4.1.2 update and the security update are both JZO54K its the I9300XXE...... bit that's different

Must be a "typo" or somethin - the one that showed up on xda yesterday's XXELLA... been testing it for few hours and so far so good. Supercurios fix does the trick so imo that was no biggie, a LOT more interesting is that new bootloader - wish somebody finally confirmed if it fixed the sudden death issues and seriously would it really be so hard for Sammy to release some sort of changelog??

Hopefully it'll be pushed out to the Galaxy Note 10.1 soon. I have friends who are using this tablet and it does use the Exynos 4412 that is affected by this bug.

I'm on Orange too but I've probably been smarter then you. Bought the contract from Phones4u so I got an unlocked S3. Never buy from EE directly.. Its a rip off and you never get updates.

"There's also some speculation that this update will fix the seemingly random issue of hardware failure in the Galaxy S3 main boards"
Does that include the Hardware failure in the Note II main board as well?

My father's Note II just died about 3 weeks ago, he took it the service center next day & he just received it last night !
They told him, the motherboard died & they had to bring a whole board from South Korea!

Basically same hardware so if it fixes it for s3 im guessing n2 should b updated soon as well
btw really can't picture big oem like Samsung fooling around with bricked phones mobo, even if they could somehow fix it. I suppose that's also why they don't ask questions about flash counter/root and just replace it:)

It seems with samsung, everyone is left guessing. There is a huge clipboard fault since july 2012, not fixed. As for the huge exploit, it still exists on countless devices. 3-4 Months, still guessing, still hoping, still depending on 3rd party apps created months before. Very poor support for such urgent issues.