Merry Xmas And Happy New Year In Advance To You All From Admin!!Click Here To Last longer In Bed[Stay amused>>>Donít be a one minute Foul]>>> Love need Tips-See how Here


Author Topic: zero-day vulnerability affected Pixel, Samsung, LG, Xiaomi and other Android pho  (Read 12292 times)

0 Members and 1 Guest are viewing this topic.

droid

  • Full Member
  • ***
  • Posts: 234
    • View Profile


According to ZDNet, Google announced yesterday that an Android vulnerability previously patched back in December 2017 was discovered once again on certain phones running Android 8.x or later. The vulnerability was found in Android's kernel code and could allow a hacker to gain root access over a phone. That would allow a bad actor to steal data from a handset, make changes to the operating system and more.  Google's Project Zero team discovered the vulnerability and its Threat Analysis Group (TAG) found that it was being used in real-world attacks right now.

It appears that this new alert has nothing to do with the zero-day vulnerability that recently affected iOS users. The latter was discovered to be the work of a Chinese state-sponsored group that was conducting surveillance against citizens of China. The models currently affected include:

Google Pixel 2 with Android 9 and Android 10 preview
Huawei P20
Xiaomi Redmi 5A
Xiaomi Redmi Note 5
Xiaomi A1
Oppo A3
Moto Z3
LG phones running Android 8
Samsung Galaxy S7
Samsung Galaxy S8
Samsung Galaxy S9
Google notes that the vulnerability is being exploited now with attacks taking place in the real world making it a true zero-day vulnerability. The company stated that the "exploit requires little or no per-device customization," which means that it might also be found on a wider range of handsets than those listed above. Google's Threat Analysis Group says that this is the work of Israel's NSO Group which has been known to sell surveillance tools and exploits. However, when reached by ZDNet for a comment, the company denied having anything to do with this vulnerability and said, "NSO did not sell and will never sell exploits or vulnerabilities. This exploit has nothing to do with NSO; our work is focused on the development of products designed to help licensed intelligence and law enforcement agencies save lives."

According to a spokesman for the Android Open Source Product, there are certain conditions that need to be met for the vulnerability to be exploited. The good news, as far as Pixel users are concerned, is that the October security update, due out any day, will patch this.

"This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation. Any other vectors, such as via web browser, require chaining with an additional exploit. We have notified Android partners and the patch is available on the Android Common Kernel. Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update."-AOSP spokesman

Under Google's policies, the company had to report this issue to the public within seven days, or when a patch is released (whichever came first). To reiterate, the October security update for the Pixels is due any day.


 

 

WhatsApp rollout out picture-in-picture mode to all Android users

Started by droid

Replies: 0
Views: 12908
Last post December 17, 2018, 12:09:30 AM
by droid
Android phone used by Apple to promote Apple Music on Twitter

Started by appmonstars

Replies: 0
Views: 12353
Last post December 19, 2018, 12:55:55 PM
by appmonstars
Android 9 Pie users can now reset Adaptive Brightness without battery data loss

Started by mobify

Replies: 0
Views: 17759
Last post January 16, 2019, 06:48:53 AM
by mobify
India start probe over Google's misuse of Android's dominant position

Started by mobify

Replies: 0
Views: 9261
Last post May 13, 2019, 06:20:59 AM
by mobify
WhatsApp to bring stickers integration to Gboard keyboard app for Android

Started by gurutek

Replies: 0
Views: 15655
Last post January 21, 2019, 07:23:14 AM
by gurutek