Sprint and T-Mobile issue OTA updates to address Exynos vulnerability

Two major wireless carriers in the US are now rolling out a patch to fix a security hole in select smartphones and tablets powered by Samsung’s Exynos mobile processor. The exploit is said to create opportunities for attackers to introduce malware to steal information, wipe data or even brick a device running an ARM-based Exynos CPU.

T-Mobile has released an over-the-air update for Galaxy Note II customers that is said to offer Exynos and other security enhancements along with various bug fixes. The 9MB update is said to work on all devices that aren’t rooted. Likewise, Sprint customers running the Galaxy S II Epic 4G Touch can download and install a similar over-the-air update that addresses generic security updates.

Samsung addressed the issue for the Galaxy S III in the UK but other international models like the Galaxy S II, Galaxy Note and Galaxy Note II remain unpatched at this hour. Select tablets using the Exynos processor are also vulnerable, we’re told. The Verge highlights the fact that most users can steer clear of this exploit by sticking to popular apps from well-known developers – ie, avoiding pirated apps.

The exploit was first discovered back in December when an xda-developers member learned that malicious applications could gain root access to his Galaxy S3. The vulnerability was tested by other XDA members and found to work on select devices running the Exynos processor, leaving some phone functions and user data at risk.