Welcome To Androidlic Forum...Great Place To Connect, Interact & Learn With Android Lovers !


Author Topic: zero-day vulnerability affected Pixel, Samsung, LG, Xiaomi and other Android pho  (Read 12559 times)

0 Members and 1 Guest are viewing this topic.

droid

  • Sr. Member
  • ****
  • Posts: 390
    • View Profile


According to ZDNet, Google announced yesterday that an Android vulnerability previously patched back in December 2017 was discovered once again on certain phones running Android 8.x or later. The vulnerability was found in Android's kernel code and could allow a hacker to gain root access over a phone. That would allow a bad actor to steal data from a handset, make changes to the operating system and more.  Google's Project Zero team discovered the vulnerability and its Threat Analysis Group (TAG) found that it was being used in real-world attacks right now.

It appears that this new alert has nothing to do with the zero-day vulnerability that recently affected iOS users. The latter was discovered to be the work of a Chinese state-sponsored group that was conducting surveillance against citizens of China. The models currently affected include:

Google Pixel 2 with Android 9 and Android 10 preview
Huawei P20
Xiaomi Redmi 5A
Xiaomi Redmi Note 5
Xiaomi A1
Oppo A3
Moto Z3
LG phones running Android 8
Samsung Galaxy S7
Samsung Galaxy S8
Samsung Galaxy S9
Google notes that the vulnerability is being exploited now with attacks taking place in the real world making it a true zero-day vulnerability. The company stated that the "exploit requires little or no per-device customization," which means that it might also be found on a wider range of handsets than those listed above. Google's Threat Analysis Group says that this is the work of Israel's NSO Group which has been known to sell surveillance tools and exploits. However, when reached by ZDNet for a comment, the company denied having anything to do with this vulnerability and said, "NSO did not sell and will never sell exploits or vulnerabilities. This exploit has nothing to do with NSO; our work is focused on the development of products designed to help licensed intelligence and law enforcement agencies save lives."

According to a spokesman for the Android Open Source Product, there are certain conditions that need to be met for the vulnerability to be exploited. The good news, as far as Pixel users are concerned, is that the October security update, due out any day, will patch this.

"This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation. Any other vectors, such as via web browser, require chaining with an additional exploit. We have notified Android partners and the patch is available on the Android Common Kernel. Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update."-AOSP spokesman

Under Google's policies, the company had to report this issue to the public within seven days, or when a patch is released (whichever came first). To reiterate, the October security update for the Pixels is due any day.



 

Samsung ,Apple seek tax breaks that'll help grow Indian smartphone production

Started by droid

Replies: 0
Views: 13283
Last post January 28, 2019, 06:43:57 AM
by droid
Chinese phone users are trading their Samsung S10 to buy the OnePlus 7 Pro

Started by gurutek

Replies: 0
Views: 12057
Last post May 20, 2019, 06:10:32 AM
by gurutek
Samsung, Huawei and Apple ship most phones in Q2 of 2020

Started by techy

Replies: 0
Views: 11881
Last post October 07, 2020, 02:23:41 PM
by techy
Samsung adds auto brightness for its phones

Started by appmonstars

Replies: 0
Views: 6943
Last post November 19, 2018, 06:26:07 AM
by appmonstars
Over 90% of phones sold by US carriers are Samsung and iphones

Started by gurutek

Replies: 0
Views: 8105
Last post January 03, 2020, 09:21:28 AM
by gurutek