Security exploit opens Samsung Galaxy S III, Note II to attack, could let apps from Google Play write to Kernel

Amid the XDA community's ongoing quest to root every Android handset it comes across, one forum user appears to have found a serious exploit that affects certain Exynos devices. While fiddling with his Galaxy S III, XDA user Alephzain discovered a way to obtain root without flashing with Odin. The Samsung kernel apparently allows read / write access to all physical memory on the device, including the kernel itself. This makes for an easy root, Alephzain writes, but leaves devices open to attack -- allowing Kernel code injections and RAM dumps from malware-laden apps from the Google Play store.

It isn't the only avenue for attack on an Android handset, but it is an exceedingly easy attack. Luckily, a community fostered fix seems pretty simple too -- XDA user RyanZA has already created a patch to modify write permissions on affected devices -- though Galaxy S III users are reporting that the fix cripples the phone's camera app. So far, Alephzain has confirmed that the Galaxy S II, III, Note II and the Meizu MX are at risk, but notes that the exploit might work on any device running a Exynos 4210 or 4412 processor. Samsung has not yet made a comment about the vulnerability, but forum members say that the issue has been reported. As for the exploit's lasting implications? Head on over to the XDA forums to join the discussion.

[Source: Engadget]