Samsung’s (005930) flagship Galaxy S III and Galaxy Note II smartphones may be vulnerable to app-based attacks following the discovery of a security hole in the company’s line of Exynos 4 processors. XDA Developers forum member “alephzain” uncovered the problem and noted that a Play Store app could potentially access information from the phone’s RAM or even inject malicious code directly into its kernel. It has also been reported that the vulnerability could affect all devices that are equipped with a Exynos 4210 or 4412 processor and utilize Samsung’s kernel.

“The good news is we can easily obtain root on these devices,” the hacker said. “The bad is [that] there is no control over it.”

A spokesperson for the company reached out to CNET and confirmed that it is “currently in the process of conducting an internal review” of the issue.

This isn’t the first big security issue to hit Samsung’s Galaxy line of devices. Earlier this year, it was discovered that a number of TouchWiz-enabled smartphones could be remotely wiped after visiting a webpage containing a simple script. That specific exploit was fixed through an over-the-air update a few days later, however.

Samsung is the world’s largest smartphone vendor and has sold more than 30 million Galaxy S III devices and more than 5 million Galaxy Note II handsets in the past year.