A researcher has unearthed a vulnerability affecting several Samsung smartphone models which could allow attackers to gain administrative access to the devices through any application.
Alephzain published details on the XDA Developers forum describing a hole within a Samsung headset kernel that affected all devices running the Exynos 4210 and 4412 processors.
All physical memory on the device can be accessed and, in the worst-case scenario, stolen or erased by an attacker who uses an app to exploit the flaw, Alephzain said.
Affected devices include the Samsung Galaxy Note 2, Galaxy S3, Galaxy S2, Meizu MX – and potentially other Samsung products.
“The good news is we can easily obtain root [access] on these devices, and the bad is there is no control over it,” Alephzain wrote.
So far, the flaw doesn't appear to have been publicly exploited. On Monday, Joseph Hindy, another member of the developer forum, published additional details about the vulnerability.
A spokesman for Samsung told SC it was “currently in the process of conducting an internal review” on the issue.