Linked by Thom Holwerda on Tue 25th Sep 2012 21:14 UTC, submitted by bowkota
PDAs, Cellphones, Wireless On the same day I bought a brand new iMac and switched back to Mac (no joke!), and teased the employees at the Apple retailer with my Galaxy SII, Samsung goes around and pulls something idiotic like this. TouchWiz, Samsung's Android skin, has a very severe flaw which passes digits along from JavaScript (via their modified browser) to the modified dialler, allowing your device to be factory reset (!) by just visiting a link - via NFC, QR, or plain. This doesn't affect all Samsung devices, but those that are affected are all TouchWiz devices. This just proves once again that you should either buy Nexus, or make the switch to Cyanogenmod (or any of the other AOSP-based ROMs).
Thread beginning with comment 536511
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Comment by some1
by phoudoin on Wed 26th Sep 2012 07:56 UTC in reply to "Comment by some1"
phoudoin
Member since:
2006-06-09

Indeed, the issue is most carrier-subsidized phones with custom ROM don't support them as they should, allowing such hole to be unfixed for months.

Unfortunatly, considering the price of a smartphone, many owners get a carrier-subsidized one...

Reply Parent Score: 2

RE[2]: Comment by some1
by some1 on Wed 26th Sep 2012 12:26 in reply to "RE: Comment by some1"
some1 Member since:
2010-10-05

Androidpolice says most US carriers likely pushed a fix last week: http://www.androidpolice.com/2012/09/25/video-most-galaxy-s-iii-dev...
This is for S3, don't know about other models.

Reply Parent Score: 2

RE[3]: Comment by some1
by phoudoin on Wed 26th Sep 2012 12:35 in reply to "RE[2]: Comment by some1"
phoudoin Member since:
2006-06-09

Androidpolice says most US carriers likely pushed a fix last week.


They didn't pushed a *fix*, but a full upgrade to Android 4.0.4 or sooner, which already include the fix.
I'll bet that they didn't even knew that the issue existed on the first place and that only this upgrade comes with the fix. May Jelly Bean was not ready to broadcast, I'm pretty sure no official fix will be available yet.

Reply Parent Score: 2