Samsung is working on an update for a software flaw that could allow attackers to siphon personal data from a phone. The flaw and an exploit was disclosed on Sunday on XDA Developers, a forum for mobile developers. The vulnerability affects Samsung’s S2 and S3 phones and several models of its Galaxy line. Samsung downplayed the seriousness of the issue, saying “the issue may arise only when a malicious application is operated on the affected devices” It did not specify when the fix would be available.”]