User alephzain at xda-developers reported yesterday that a severe vulnerability in the Samsung Galaxy S III, Galaxy S II, Galaxy Note II, and potentially several other devices could give remotely downloaded apps the ability to read user data, brick phones, or perform other malicious activities. "The good news is we can easily obtain root on these devices and the bad is there is no control over it," alephzain writes. While many vulnerabilities that pop up require physical access to a phone, multiple developers indicate that this newly identified issue is far more severe, since it could give apps downloaded from the Google Play Store an easy way to exploit the devices.
According to xda-developers user supercurio, Samsung has been made aware of the security hole, but the company has not publicly acknowledged the issue. It's not clear what the risk is for users at this point — the vulnerability appears to only now be gaining publicity — but supercurio notes that "millions of vulnerable devices are out there now." (The vulnerability is suspected to potentially affect all devices with Exynos 4210 and 4412 processors that use Samsung code.) User Entropy512 adds that "this exploit changes things — there is a no root exploit that can be used by an app straight from the market, in the background, with little to no user intervention." We have reached out to Samsung for comment and will update you if the company responds.
Update: Samsung has notified Android Central that it is "currently in the process of conducting an internal review" in regard to the security hole. We'll update you if we receive any additional answers from the company about the issue, or its progress in addressing it.