Samsung Galaxy S3 update fixes serious vulnerability

SamsungS3Samsung has now started pushing out the 4.1.2 Jelly Bean software update (I9300XXELLA) to the Galaxy S3 on January 2nd. This update fixes the Exynos vulnerability (and possibly the ‘sudden death’ issue – see below) which I reported on last month.

IMPORTANT UPDATE 10th Jan: I’ve been experiencing device resets with this firmware update*. Worse still my contacts disappeared as well as all sorts of system lag and video playback issues. *I’ve also read online people are seeing their S3 devices switching off altogether (known as ‘bricking’).

The Exynos 4 chip vulnerability (discovered by alephzain on XDA Developers earlier in December) could have allowed malware* to extract data from the S3 RAM or inject malicious code directly into the kernel has been fixed in this release. I’m in Las Vegas at #CES2013 and picked up this update yesterday (6th January). I understand some readers living in the UK may well have already picked up this update prior to this date.

IMPORTANT NOTE: There is no evidence to suggest that mobile malware is in the wild that can utilise the Exynos exploit. I’ve researched in my usual hunting grounds and found nothing.

It was reported before Christmas that some Samsung S3 owners were experiencing bricked devices after recharging or when the screen was turned off. This appears to have been fixed in this update (new bootloaders have been identified in the build when looking at the Zip file in Kies), but I cannot find release notes to confirm this. Other online reports also claim Samsung has fixed some minor issues and security patches as a routine update.

This update fixes Samsung devices that feature the Exynos processor (4410 and 4412) and that use the Samsung kernel sources. Other than the S3 and Galaxy Note 2, other affected devices are said to include: Samsung Galaxy S2 GT-I9100, Samsung Galaxy S3 GT-I9300, Samsung Galaxy S3 LTE GT-I9305, Samsung Galaxy Note GT-N7000, Samsung Galaxy Note 2 GT-N7100, Verizon Galaxy Note 2 SCH-I605 (with locked bootloaders), Samsung Galaxy Note 10.1 GT-N8000, and the Samsung Galaxy Note 10.1 GT-N8010.

For my techie readers you can check ‘About Device’ for the following information when you have updated:

Kernel version 3.0.31-742798 Sat Dec 22 17:04:04 KST 2012
Build number JZO54K.I9300XXELL4
Change list: 742798

If you are not seeing this update then you can always do the following (make sure you only download the update over Wi-Fi though):

  • Pull down the notification bar
  • Click the ‘Settings’ sprocket
  • Scroll down and click ‘About device’
  • Click ‘Software update’

Remember, you can also update to this latest firmware via Samsung Kies software, however the update process as described above is my suggested method. Remember also, to backup your device prior to updating.

Safe surfing folks!

This entry was posted in android, malware, mobile, privacy and tagged , , , . Bookmark the permalink.

One Response to Samsung Galaxy S3 update fixes serious vulnerability

  1. Ray says:

    No help after force stopping
    Gallery photos freeze
    Unable to scroll n delete a selected few

Leave a Reply

Your email address will not be published. Required fields are marked *