Google discloses an old Android vulnerability being used in the wild

In 2017, Google fixed a vulnerability in older Android kernel versions that could allow attackers to gain root access to mobile devices. However, the search giant revealed today that its Project Zero team has detected that same bug being used in the wild, affecting newer Android kernel versions (via ZDNet).

Google says the vulnerability affects Pixel 2 phones and some devices manufactured by Samsung, Xiaomi, Motorola, Huawei, and OPPO. Specifically, the following models running Android 8.0 and later (unless specified otherwise) are impacted:

  • Pixel 2 with Android 9 and Android 10 preview
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi A1
  • Oppo A3
  • Moto Z3
  • Oreo LG phones
  • Samsung Galaxy S7, S8, S9

Google's researchers note that this bug may work on a broad set of handsets as it "requires little or no per-device customization." That's on top of the devices enumerated above.

The Mountain View-based company's Threat Analysis Group (TAG) also confirmed that bad actors have already been using the exploit to launch attacks in the real world. TAG claims the bug is sold by Israel-based NSO Group, which supplies hacking tools to governments.

A representative from the Android Open Source Project also confirmed that the bug is classified as "High severity on Android". Nevertheless, a new fix is now available on the Android Common Kernel. In addition, the first- and second-generation Pixel devices will be patched as part of the October update, while the Pixel 3 and 3A phones won't be affected.
