Left Menu
Development News Edition

Is your device safe? These smartphones are vulnerable to a major Android bug

Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update," Android said in a statement.

Devdiscourse News Desk | New Delhi | Updated: 07-10-2019 10:45 IST | Created: 06-10-2019 16:28 IST
Is your device safe? These smartphones are vulnerable to a major Android bug
Image Credit: Google

Google's Project Zero researchers recently discovered a new zero-day vulnerability in the Android operating system that would allow hackers to gain full access to at least eighteen Android smartphones, including that from Samsung, Google, and Xiaomi.

The bug is a kernel privilege escalation using a use-after-free vulnerability and was allegedly being used or sold by the NSO Group, an Israel-based cyber-intelligence firm, Google security researcher Maddie Stone quoted Threat Analysis Group (TAG) and external parties as saying in a post. The vulnerability is exploitable in two ways:

  • via untrusted or malicious apps, or
  • via web

According to Maddie's post, "the bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device. If the exploit is delivered via the Web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox."

Here is the list of vulnerable devices:

  • Google Pixel 1
  • Google Pixel 2 with Android 9 and Android 10 preview
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi A1
  • Oppo A3
  • Moto Z3
  • Oreo LG phones
  • Samsung Galaxy S7, Galaxy S8, Galaxy S9

"This issue was patched in Dec 2017 in the 4.14 LTS kernel, AOSP android 3.18 kernel, AOSP android 4.4 kernel, and AOSP android 4.9 kernel versions, but the Pixel 2 with most recent security bulletin is still vulnerable based on source code review," the Maddies's post further added.

"This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation. Any other vectors, such as via a web browser, require chaining with an additional exploit. We have notified Android partners and the patch is available on the Android Common Kernel. Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update," Android said in response to the vulnerability identified by the Project Zero team.


TRENDING

OPINION / BLOG / INTERVIEW

Turbulence surrounding tobacco control in Ghana

... ...

Refugee compassion and response: Ideas to mitigate disasters now and in their future

Their homeland becomes a forbidden territory for them and more likely than not, their journey to foreign soil is no less traumatizing, not to say deadly. It is crucial to help refugees live a life of dignity and purpose....

Inadequate water infrastructure causes a tidal wave of coronavirus in rural Alaska

... ...

Videos

Latest News

Keen to learn from drag-flickers in Senior team, says defender Gagandeep Kaur

Defender Gagandeep Kaur, who has been a part of the Indian Junior Womens Hockey team since 2016, is aiming to progress in her career by learning new tricks. The 21-year-old, who had helped the Indian Junior Womens Hockey team to a Gold Meda...

Mumbai Trans Harbour Link project likely to be completed by 2022

Maharashtra Minister for Urban Development Eknath Shinde said that the Mumbai Trans Harbour Link MTHL project is likely to be completed by October 2022. He along with Mumbai Metropolitan Region Development Authority MMRDA chief RA Rajiv on ...

Mexico records 12,127 new COVID-19 cases in past 24 hours

Mexico City Mexico, December 5 ANISputnik Mexico has registered 12,127 new COVID-19 cases within the past 24 hours marking the largest daily increase since the start of the outbreak, the national Ministry of Health said. The total number of...

Napoli stadium renamed after Maradona

Italian side Napolis San Paolo stadium has been renamed after Diego Maradona in memory of the late Argentina legend who led them to their only two Serie A titles during his seven-year run with Napoli from 1984 to 1991. The Naples city counc...

Give Feedback