Default Note 3 Knox vulnerability?

From Wall Street Journal 12/24

Several security vulnerabilities have already emerged as Samsung develops and rolls out Knox—a normal part of software development processes, according to one person familiar with the project. Samsung has said it is working to fix these issues with Knox.

Earlier this month, the company said it had released a patch to address a separate vulnerability that affected Knox on Samsung's Note 3 smartphone.

In a statement, Samsung said that the Note 3 vulnerability posed a "threat to the integrity of Knox-enabled devices," but said that it had fixed the problem and that "security patches are being rolled out for all vulnerable models."

In the case of the vulnerability alleged by the Israeli researchers, even a relatively unsophisticated app, such as a mobile game aimed at children, could exploit the device's security, said Mr. Mimran of the Israeli lab.

Even if such an app were installed on a device outside the Knox container, that malware could be activated to record all data communication taking place inside the container.

"For us, Knox is state-of-the-art in terms of a secure mobile architecture, and I was surprised to find out there was such a big 'hole' that was left untouched," said Mr. Mimran, who added that he was willing to work with Samsung on the issue.