Two big pieces of news were released today regarding the much loathed Exynos exploit that plagues Samsung Galaxy SIII users who are looking for their OS updates. In addition to the SII, other Samsung devices are also vulnerable, the SII and Note II, all very popular and well received devices. For the first time, Samsung has officially acknowledged the exploit issue, and promise to address it with an official patch as quickly as possible. The second big announcement was by the CyanogenMod team, who announced today on their Google+ page that they have merged patches for Exynos 4412 and 4210 into their 10.1 source.
The Exynos exploit revolves around a potential opening in the kernel on affected devices to be exploited by malicious apps, and would give access to private and personal user information as well as other “inner workings” of the device. The Exynos processor exploit should only affect the international version of the devices, leaving U.S. based users safe from this particular issue. The most important thing for users to understand is that their private information relies on them making good decisions when it comes to the downloading and use of apps on their device, and all users should be vigilant in their research of anything they plan to load on their phone.
The official statement was first released to AndroidCentral:
Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.
The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications.
Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices.
The exploit is also being blamed for the delays in the release of the Jelly Bean OS update to European device owners, who have been expecting the software to release since October 2012. Current Samsung Sweden statements have pushed the release of the update back to December 2012 – January 2013, but their track record of pushing back this particular update has left many users less than confident about this information. Analysts expect the release of the patch for the Exynos exploit to come before any effort is made to patch devices across Europe.
The statement from CyanogenMod about their recent updates that already include fixes for the exploit:
No doubt the press will be making the rounds on the recent Exynos 4 security issue. As of this morning, the patches for Exynos 4412 and 4210 have been merged into our 10.1 source.
10.1 nightlies from this evening forward are not affected. We will also be working on adapting the patch to our jellybean and ics branches where necessary.
Protip: In the end, security always comes down to you as an end user. Be smart, and educate others.
AndroidHeadlines always recommends that users research and investigate all software, roots, patches, and apps before installing them on their devices.
Source: Google+ / Android Central