Samsung phones are encrypted by default, but the language packs that are optional add-ons for text entry are unencrypted. The exploit can be used to give an attacker system user level access, along with the ability to steal data such as passwords, bank logins, and private information. Samsung is working on updates to try and fix the loophole.
For more on this topic, click here.