Interesting topic. Open question: its a kernel flaw, but who added it (kernel.org or Samsung)?
Most of the root's suffered by Android is due to the kernel (is it 8 or 9 or the 11 or so?). The kernel should be rigorously code reviewed until such time that folks like Dan Rosenberg stop making a living on their CompSci 101 mistakes :) http://www.fiercemobilecontent.com/story/samsung-vows-quick-fix-android-security-vulnerability/2012-12-19 Samsung Electronics is at work to patch a security flaw afflicting a number of devices running Google's (NASDAQ:GOOG) Android, leaving them exposed to malicious apps that could result in hackers gaining root level permissions. The exploit, first identified earlier this week by user alephzain at the XDA Developers forum, gives hackers access to all of the Android device's physical memory. Alephzain tested the vulnerability on a Samsung Galaxy S III to root his device, but research indicates the flaw is also present across the Galaxy S II, Galaxy Note II, Meizu MX and other devices that feature an Exynos processor (4210 and 4412) and leverage Samsung kernel sources. "Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible," the manufacturer said in a statement issued to Android Central. "The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications. Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices." There are currently no known Android malware apps that exploit the vulnerability in question, which does not pose a threat to Android devices without the Exynos processor. An estimated 18 million Android users will encounter mobile malware between the beginning of 2012 and the conclusion of 2013, according to a new forecast published by Lookout Mobile Security. The firm adds that the likelihood users will encounter malware or spyware threats depends heavily on their geography and behavior, varying from 0.20 percent in Japan to 0.40 percent in the U.S. to as high as 34.7 percent in Russia. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
