In 2017, Google fixed a vulnerability in older Android kernel versions that could allow attackers to gain root access to mobile devices. However, the search giant revealed today that its Project Zero team has detected that same bug being used in the wild, affecting newer Android kernel versions (via ZDNet).
Google says the vulnerability is affecting the Pixel 2 phones and some devices manufactured by Samsung, Xiaomi, Motorola, Huawei, and OPPO. Specifically, the following models running Android 8.0 and later (unless specified otherwise) are impacted:
- Pixel 2 with Android 9 and Android 10 preview
- Huawei P20
- Xiaomi Redmi 5A
- Xiaomi Redmi Note 5
- Xiaomi A1
- Oppo A3
- Moto Z3
- Oreo LG phones
- Samsung Galaxy S7, S8, S9
Google's researchers note that this bug may work on a broad set of handsets as it "requires little or no per-device customization." That's on top of the devices enumerated above.
The Mountain View-based company's Threat Analysis Group (TAG) also confirmed that bad actors have already been using the exploit to launch attacks in the real world. TAG claims the bug is sold by Israel-based NSO Group, which supplies hacking tools to governments.
A representative from the Android Open Source Project also confirmed that the bug is classified as a "High severity on Android". Nevertheless, a new fix is now available on the Android Common Kernel. In addition, the first and second-generation Pixel devices will be patched as part of the October update while the Pixel 3 and 3A phones won't be affected.