After a recent report from security company NowSecure detailed a vulnerability that potentially affects more than 600 million Samsung smartphones, Samsung announced a fix that should be coming in “a few days” for some devices.
The vulnerability consists of a bug in Samsung’s pre-installed keyboard software, letting a hacker install arbitrary code on the smartphone provided the hacker and the user are connected to the same network. It affects Samsung Galaxy S6, S5 and S4 smartphones, as well as many other models.
In a blog post, Samsung downplayed the severity of the security flaw, saying that “the likelihood of making a successful attack, exploiting this vulnerability is low.”
Still, the company did promise a fix, which will come in the form of a security policy update, delivered through Samsung’s KNOX security platform. Users who own a phone with KNOX — which is all flagship models since the Galaxy S4 — will have to make sure their device is set to automatically receive security policy updates, and the fix will arrive automatically.
The vulnerability, however, affects some devices that don’t have KNOX, such as the Galaxy S3. For those users, Samsung promised a firmware update, which will be available “upon completion of all testing and approvals.”