Massive security flaw found in Android smartphones

By Staff Writer | 04 Oct 2019 at 20:29hrs
Google's Project Zero research group has highlighted a zero-day vulnerability in the Android operating system that allows malicious parties to attain complete control of victims' smartphones.

According to Google Project Zero member Maddie Stone, there is evidence that the exploit is being used in the wild, which is why it has de-restricted the bug seven days after reporting it to Android.

The bug affects at least 18 Android smartphones, including the following:

    Pixel 1
    Pixel 1 XL
    Pixel 2
    Pixel 2 XL
    Huawei P20
    Xiaomi Redmi 5A
    Xiaomi Redmi Note 5
    Xiaomi A1
    Oppo A3
    Moto Z3
    Oreo LG phones
    Samsung S7
    Samsung S8
    Samsung S9

"The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device," explained Stone.

"If the exploit is delivered via the web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox."

Android released a statement highlighting that the issue is "high" in severity.

"This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation. Any other vectors, such as via web browser, require chaining with an additional exploit."

"We have notified Android partners and the patch is available on the Android Common Kernel. Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update."

It s not certain when the exploit will be patched on non-Pixel devices.



WhatsApp Newsletter

Follow us

Latest Headlines