Another day and another security flaw, but this time it is discovered in Android’s OS kernel code which has now been far stretched from Pixel phones to Samsung, Huawei, Xiaomi and others.
The reported vulnerability is on zero day status being found on a number of present day devices and it apparently has been exploited by a company called the NSO Group based in Israel (however the company denied any involvement with the exploit). Moreover, just for precautionary measures, Google itself has been proactive in publishing proof of concept for the Android OS vulnerability, so you could easily check if there are other devices affected by it or not.
The list of affected devices include Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Huawei P20, Redmi 5A, Redmi Note 5, Mi A1, Oppo A3, Moto Z3, Oreo LG phones, Samsung Galaxy S7, Samsung Galaxy S8, and Samsung Galaxy S9. While for others, the tech giant has advised to keep a check by following the proof of concept.
The vulnerability only gets exploited once the user installs a malicious app, which also makes it less dangerous as compared to other security threats. Besides that, according to Project Zero member Tim Willis, the attacker can get to having the root access of a device via kernel privilege escalation using a use-after free vulnerability, accessible from inside the Chrome sandbox.
For further protection, Google has informed all of its Android partners about the vulnerability and has even released the patch on Android Common Kernel as well. Whereas, Pixel Users (those who have Pixel 1 & 2 in particular, since Pixel 3 is free from any such threat) will get the patch in an update coming this October.
Project Zero usually takes 90 days to fix any such issues and make it public but looking at the way the vulnerability has been exploited, the process only took seven days. Hopefully, OEMs will also release the patch to affected devices soon, just like Pixel.
Photo: Bloomberg / Getty Images
Read next: 172 infected apps discovered on Google Play and this needs our attention
The reported vulnerability is on zero day status being found on a number of present day devices and it apparently has been exploited by a company called the NSO Group based in Israel (however the company denied any involvement with the exploit). Moreover, just for precautionary measures, Google itself has been proactive in publishing proof of concept for the Android OS vulnerability, so you could easily check if there are other devices affected by it or not.
The list of affected devices include Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Huawei P20, Redmi 5A, Redmi Note 5, Mi A1, Oppo A3, Moto Z3, Oreo LG phones, Samsung Galaxy S7, Samsung Galaxy S8, and Samsung Galaxy S9. While for others, the tech giant has advised to keep a check by following the proof of concept.
The vulnerability only gets exploited once the user installs a malicious app, which also makes it less dangerous as compared to other security threats. Besides that, according to Project Zero member Tim Willis, the attacker can get to having the root access of a device via kernel privilege escalation using a use-after free vulnerability, accessible from inside the Chrome sandbox.
For further protection, Google has informed all of its Android partners about the vulnerability and has even released the patch on Android Common Kernel as well. Whereas, Pixel Users (those who have Pixel 1 & 2 in particular, since Pixel 3 is free from any such threat) will get the patch in an update coming this October.
Project Zero usually takes 90 days to fix any such issues and make it public but looking at the way the vulnerability has been exploited, the process only took seven days. Hopefully, OEMs will also release the patch to affected devices soon, just like Pixel.
Photo: Bloomberg / Getty Images
Read next: 172 infected apps discovered on Google Play and this needs our attention
