Some bad news is surfacing this weekend for owners of several popular Samsung devices. Members of XDA Developers identified a kernel exploit for devices with certain Exynos processors that could provide root access without flashing the device. According to XDA member alephzain, the vulnerability was discovered on his Samsung Galaxy S III in /dev/exynos-mem. The weakness provides full read/write rights to all physical memory.
XDA member testing has determined the device /dev/exynos-mem is involved in the operation of the camera, graphic memory allocation, and HDMI. Research reveals a change in permissions can plug the hole, but this also seems to have the side-effect of rendering the camera inoperable. Another XDA member, RyanZA, created a small app to toggle the affected device’s permissions between full read/write and read-only.
XDA members have reported the problem to Samsung, but no response or statement has been provided by Samsung yet. At this time, the exploit is believed to only affect devices with the 4210 or 4412 Exynos chipsets. The bad news for Samsung is that several of their top-selling devices are powered by those chips, including the Galaxy S III, the Samsung Galaxy S II, the Samsung Galaxy Note II and the Meizu MX.
No known malicious apps or malware exist that exploit the vulnerability. However, with news breaking about the security hole, harmful code is probably not far behind. Be sure to check back with TalkAndroid as additional information develops.