A vulnerability that allows any app to access the RAM on Samsung devices has been found by developers who were digging into the kernel for Samsung's Exynos systems.
Exynos is the ARM-based system on chip that's typically found in Samsung's mobile devices and tablets.
XDA Developers member alephzain first raised the vulnerability on the site's forum, claiming that the device's physical memory is readable and writable by all users.
With the ability to read and write to memory at will, alephzain said that any application could dump the contents of the device's RAM and/or inject arbitrary code into the kernel. Such manipulations of memory could potentially allow an attacker to extract data and forward it elsewhere, or modify data to present the user with false data while the application does something else. The vulnerability itself also allows devices to be rooted.
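A defender's check for the condition described above, a device node that any user can read or write, added here as an example that is not from the article or the forum posts. It parses an `ls -l` style listing of /dev and reports character or block devices that grant access to "other"; the listing, the "example-*" node names and the allowlist are constructed assumptions.

```python
import re
from typing import List, NamedTuple

# Nodes that are world-accessible by design and expose no physical memory (assumed allowlist).
BENIGN = frozenset({"null", "zero", "full", "random", "urandom", "tty", "ptmx"})

# Type character (c or b) followed by the owner, group and other permission triplets.
MODE_RE = re.compile(r"^[cb][r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]$")

# Constructed sample of an `ls -l /dev` listing; "example-*" names are placeholders.
SAMPLE_LISTING = """\
crw-rw-rw- root     root       1,   3 2012-12-16 10:00 null
crw-rw-rw- root     root       1,   5 2012-12-16 10:00 zero
crw-rw-rw- system   graphics   1,  14 2012-12-16 10:00 example-physmem
crw-rw-r-- system   system    10,  60 2012-12-16 10:00 example-ro
crw------- root     root       1,   1 2012-12-16 10:00 mem
crw-rw---- system   camera    81,   0 2012-12-16 10:00 video0
brw------- root     root     179,   0 2012-12-16 10:00 mmcblk0
drwxr-xr-x root     root               2012-12-16 10:00 socket
"""

class Finding(NamedTuple):
    name: str
    mode: str
    owner: str
    other_read: bool
    other_write: bool

def audit_listing(text: str, allow=BENIGN) -> List[Finding]:
    """Return device nodes whose mode grants read or write to every user."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not MODE_RE.match(fields[0]):
            continue  # not a character/block device entry
        mode, owner, name = fields[0], fields[1], fields[-1]
        # mode[7] and mode[8] are the read and write bits of the "other" triplet.
        other_read, other_write = mode[7] == "r", mode[8] == "w"
        if (other_read or other_write) and name not in allow:
            findings.append(Finding(name, mode, owner, other_read, other_write))
    return findings

if __name__ == "__main__":
    for f in audit_listing(SAMPLE_LISTING):
        access = "/".join(a for a, on in (("read", f.other_read), ("write", f.other_write)) if on)
        print(f"{f.name}: {f.mode} owner={f.owner} -> any user can {access}")
```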
Alephzain has named a couple of the devices that are vulnerable, and others have been able to independently verify that the issue exists. In particular, another developer on the forum, Chainfire, has released an application that uses the vulnerability to gain root privileges, and has listed which devices are currently known to work.
These devices use the Exynos 4210 or 4412 system on chip and include:
Samsung Galaxy S2 GT-I9100
Samsung Galaxy S3 GT-I9300
Samsung Galaxy S3 LTE GT-I9305
Samsung Galaxy Note GT-N7000
Samsung Galaxy Note 2 GT-N7100
Verizon-based Samsung Galaxy Note 2 SCH-I605
Samsung Galaxy Tab Plus GT-P6210
Samsung Galaxy Note 10.1 GT-N8000
Samsung Galaxy Note 10.1 GT-N8010
Samsung Galaxy Note 10.1 GT-N8020.
Although the Google Nexus 10 uses the Exynos platform, it has been confirmed as not being affected, as it uses the Exynos 5250.
Not everyone has agreed with how the vulnerability was made public, or with the public availability of code that allows it to be exploited. Because manufacturers were given late notice, forum member supercurio has taken it upon himself to release a quick fix for the vulnerability while the manufacturers determine how best to tackle the issue.