android zero-day vulnerability

Google has discovered a new Android zero-vulnerability that allows hackers to gain unauthorized access to various Android smartphones. This discovery has been made by Google’s Project Zero team.

New Android Zero-Day Vulnerability

It is suggested that the Android vulnerability rests in Android device’s Linux kernel code, which provides cybercriminals root access to Android smartphones.

On the contrary, the same Android zero-day vulnerability was supposedly patched back in 2017 in Linux kernel versions 3.18 LTS, 4.14, 4.4, and 4.9. However, the newer kernel versions were found to be vulnerable.

The vulnerability can be exploited in Google Chrome’s renderer processes and requires “little or no per-device customization,” which means it can access a lot of devices.

List of Vulnerable Devices

As per the blog post by Google’s Project Zero, there are a couple of Android devices that are vulnerable to the flaw. These smartphones are from major tech companies such as Google, Huawei, Samsung, Xiaomi, and even OPPO.

Here are the vulnerable Android smartphones:

  • Google Pixel 1
  • Google Pixel 1 XL
  • Google Pixel 2
  • Google Pixel 2 XL
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi A1
  • Oppo A3
  • Moto Z3
  • Oreo LG phones
  • Samsung Galaxy S7
  • Samsung Galaxy S8
  • Samsung Galaxy S9

How Severe Is This Vulnerability?

Google’s Threat Analysis Group (TAG) suggests that external parties in the real world are using the Android zero-day vulnerability. The usage of the flaw has been linked with the NSO Group.

For those who don’t know, the NSO Group is an Israel-based cyber intelligence company, which is said to develop exploits and sell it to several other companies.

NSO Group was also the one behind the famous Pegasus spyware it developed back in 2016. The malware could jailbreak an Android or iOS device to access user data.

While the flaw has been termed as “high severity on Android,” a fix is on its way. Google’s Project zero provides developers with 90 days to fix the security flaw.

Furthermore, it has been suggested that the patch will roll out to the Pixel smartphones very soon. However, there’s no word on when other devices will receive the patch.

We will update you on this. So, stay tuned to Fossbytes for more information.

Also Read: This WhatsApp Flaw Let Hackers Access Your Gallery Via GIFs