A new vulnerability that allows any app to access the RAM on Samsung devices has been found by researchers who were looking into the kernel for Samsung’s Exynos systems.
XDA Developers member alephzain first brought up the vulnerability on the site’s forum, claiming that access to the device’s active memory is read-and-write enabled by all users.
Alephzain has named a couple of the devices that are vulnerable, and others have been able to independently verify that the issue exists. Another developer on the forum, Chainfire, has released an application that uses the vulnerability to gain root privileges, and has listed which devices are currently known to work.
The affected devices use the Exynos 4210 or 4412 system on chip and include:
- Samsung Galaxy S2 GT-I9100
- Samsung Galaxy S3 GT-I9300
- Samsung Galaxy S3 LTE GT-I9305
- Samsung Galaxy Note GT-N7000
- Samsung Galaxy Note 2 GT-N7100
- Verizon-based Samsung Galaxy Note 2 SCH-I605
- Samsung Galaxy Tab Plus GT-P6210
- Samsung Galaxy Note 10.1 GT-N8000
- Samsung Galaxy Note 10.1 GT-N8010
- Samsung Galaxy Note 10.1 GT-N8020.