Update 2: This exploit probably won't work on most Galaxy S IIIs as long as they have the most recent OTA update, as we demonstrate on video here.
Ouch. This is not the type of PR Samsung needs right now. Apparently a new vulnerability has been found that can force a factory reset with zero user interaction on many Samsung phones running TouchWiz. The bug is found within the stock TW browser, which allows direct execution of dialer codes like the one used for this exploit. This code is easily embedded into HTML, so one tap of a malicious link will reset the phone instantly. Other browsers, like Chrome, Dolphin, etc. aren't affected, so we highly recommend switching if you've been using the stock TouchWiz browser.
At this time it's unclear exactly how many Samsung phones are affected, but so far users have been able to reproduce the issue on the Galaxy S II (assume all variants), the Galaxy S Advance, Galaxy Beam, and Galaxy Ace, among others. From what we're hearing, the international GSIII variant should be unaffected, and the AT&T version was updated with a patch for this very exploit last week. It's unknown at this time whether or not the Sprint, Verizon, and T-Mobile variants are susceptible.
We'll keep you updated as more information comes to light.
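For anyone filtering or reviewing web content, the pattern described above (a dialer code embedded in HTML) can be flagged before a page reaches a handset. The scanner below is an added example, not code from the original article or from Samsung; it assumes the codes arrive as `tel:` URIs, which the article does not specify, and the sample page uses the harmless `*#06#` device-ID code.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumption: dialer codes are delivered as tel: URIs inside attribute values.
TEL_URI = re.compile(r"tel:([^\s\"'<>]+)", re.IGNORECASE)


class DialerCodeScanner(HTMLParser):
    """Collects tel: URIs whose number part looks like a dialer code."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (tag, attribute, decoded number)

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded character references such as &#42;
        for name, value in attrs:
            if not value:
                continue
            for match in TEL_URI.finditer(value):
                number = unquote(match.group(1))  # %23 -> '#'
                # Ordinary phone numbers never contain '*' or '#';
                # dialer codes do, so those two characters are the signal.
                if "*" in number or "#" in number:
                    self.findings.append((tag, name, number))


def scan_html(html):
    """Return every suspicious tel: URI found in the given HTML text."""
    scanner = DialerCodeScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: one normal phone link, two encoded dialer codes.
SAMPLE = """
<a href="tel:+15551234567">Call us</a>
<a href="tel:*%2306%23">percent-encoded code</a>
<a HREF="TEL:&#42;%2306%23">entity-encoded, upper-case scheme</a>
<a href="https://example.com/">home</a>
"""

if __name__ == "__main__":
    for tag, attr, number in scan_html(SAMPLE):
        print(f"<{tag} {attr}> carries dialer code {number}")
```

Decoding happens before the check, so percent-encoded and entity-encoded variants are caught along with the plain form, while the ordinary phone link is left alone.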
Video: https://youtu.be/Q2-0B04HPhs