Samsung is working on a fix for a serious security flaw that affects popular devices such as the Galaxy S3 and Note 2.
The vulnerability, revealed earlier this week, can give malicious apps root access, potentially allowing data theft or manipulation. It seems to affect two particular models of the Exynos system-on-a-chip, namely the 4210 and 4412.
Samsung told ZDNet in a statement on Thursday that it was "aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible".
"The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications," the company said. "Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices."
That list includes these devices:
• Samsung Galaxy S2 GT-I9100
• Samsung Galaxy S3 GT-I9300
• Samsung Galaxy S3 LTE GT-I9305
• Samsung Galaxy Note GT-N7000
• Samsung Galaxy Note 2 GT-N7100
• Verizon-based Samsung Galaxy Note 2 SCH-I605
• Samsung Galaxy Tab Plus GT-P6210
• Samsung Galaxy Note 10.1 GT-N8000
• Samsung Galaxy Note 10.1 GT-N8010
• Samsung Galaxy Note 10.1 GT-N8020
The disclosure of the flaw on a forum has been controversial, particularly as someone also used the forum to offer up an app that could exploit the flaw.
The affected devices are Samsung's flagships and, given that the company is now the world's top mobile phone manufacturer, the vulnerability could cause widespread problems if exploited.