Samsung downplayed a root exploit vulnerability in some of its Exynos processors, and promised a patch for the flaw, according to a company statement acquired by AndroidCentral.
The bug affects devices with Exynos 4210 and 4412 processors and was first made public by an XDA Developers forum member operating under the handle Alephzain. If exploited, the vulnerability could allow for malicious application installation and enable an attacker to obtain root privileges on affected devices.
Just after Alephzain posted about the issue on the XDA Developers forum, another user, Chainfire, created an application called ExynosAbuseAPK that used the exploit to root affected devices at boot and disable the vulnerability. Some users who applied the makeshift fix had trouble with their camera applications after installing the ExynosAbuseAPK app.
“Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible,” the company said in a statement. “The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications. Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices.”
In other Samsung-related news, security researcher Luigi Auriemma recently discovered that some of the company’s W-Fi-capable TVs contain a bug that could give an attacker the ability to root vulnerable devices, remotely access the remote controls, retrieve files located on any USB drive attached to the TV, and install malicious software on them.