Over this past weekend, an exploit was discovered in two Exynos 4 chips that could give a malicious app complete control over the affected device's RAM. In turn, this would allow hackers to root the device and leave it wide open to additional malicious apps and activities.
"The security hole is in the kernel, exactly with the device /dev/exynos-mem," reads a post over on the XDA Developers forum. "This device is R/W by all users and gives access to all physical memory. It's like /dev/mem but for all."
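An added example, not from the article or the XDA post: a Python audit that parses `ls -l /dev` output and reports device nodes granting read or write access to all users, the condition the post describes for /dev/exynos-mem. The sample listing, the allowlist and the function names are constructed for illustration.

```python
import re

# Constructed sample of `ls -l /dev` output (not captured from a real device).
SAMPLE_LISTING = """\
crw-rw-rw- system   graphics   1,  14 2012-12-16 10:00 exynos-mem
crw-r----- root     kmem       1,   1 2012-12-16 10:00 mem
crw-rw-rw- root     root       1,   3 2012-12-16 10:00 null
crw-rw---- system   camera    81,   0 2012-12-16 10:00 video0
drwxr-xr-x root     root              2012-12-16 10:00 block
brw------- root     root     179,   0 2012-12-16 10:00 mmcblk0
"""

# Assumed allowlist: nodes that are world-accessible by design and expose no memory.
BENIGN = {"null", "zero", "full", "random", "urandom", "tty", "ptmx"}

# Character (c) or block (b) device entries only; directories and links are skipped.
LINE = re.compile(
    r"^(?P<mode>[bc][rwxsStT-]{9})\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+.*\s(?P<name>\S+)$"
)


def world_access(mode):
    """Return which of 'r'/'w' the 'other' class gets from an ls-style mode string."""
    other = mode[7:10]  # layout: type, user rwx, group rwx, other rwx
    return "".join(flag for flag in "rw" if flag in other)


def audit(listing, benign=BENIGN):
    """Return (name, access, owner, group) for each world-accessible device node."""
    findings = []
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        access = world_access(m["mode"])
        if access and m["name"] not in benign:
            findings.append((m["name"], access, m["owner"], m["group"]))
    return findings


if __name__ == "__main__":
    for name, access, owner, group in audit(SAMPLE_LISTING):
        print(f"/dev/{name}: world access '{access}' (owner {owner}, group {group})")
```
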
Devices that use Samsung's Exynos 4210 and 4412 SoCs include select Galaxy S 2 models, the Galaxy Note, the Galaxy Note 2, and the Galaxy Tab 2 tablet. As of this writing, Samsung has yet to issue a fix, but the CyanogenMod team has developed a patch and thrown it into its CyanogenMod 10.1 nightlies release -- support for CM10 and CM9 is coming soon.
"As of this morning, the patches for Exynos 4412 and 4210 have been merged into our 10.1 source," the CyanogenMod team said on Google+. "10.1 nightlies from this evening forward are not affected. We will also be working on adapting the patch to our jellybean and ics branches where necessary."
Meanwhile, here is Samsung's official statement about the Exynos bug:
Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.
The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications.
Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices.