International Development News
Development News Edition

Is your device safe? These smartphones are vulnerable to a major Android bug

Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update," Android said in a statement.


Is your device safe? These smartphones are vulnerable to a major Android bug
Image Credit: Google

Google's Project Zero researchers recently discovered a new zero-day vulnerability in the Android operating system that would allow hackers to gain full access to at least eighteen Android smartphones, including that from Samsung, Google, and Xiaomi.

The bug is a kernel privilege escalation using a use-after-free vulnerability and was allegedly being used or sold by the NSO Group, an Israel-based cyber-intelligence firm, Google security researcher Maddie Stone quoted Threat Analysis Group (TAG) and external parties as saying in a post. The vulnerability is exploitable in two ways:

  • via untrusted or malicious apps, or
  • via web

According to Maddie's post, "the bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device. If the exploit is delivered via the Web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox."

Here is the list of vulnerable devices:

  • Google Pixel 1
  • Google Pixel 2 with Android 9 and Android 10 preview
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi A1
  • Oppo A3
  • Moto Z3
  • Oreo LG phones
  • Samsung Galaxy S7, Galaxy S8, Galaxy S9

"This issue was patched in Dec 2017 in the 4.14 LTS kernel, AOSP android 3.18 kernel, AOSP android 4.4 kernel, and AOSP android 4.9 kernel versions, but the Pixel 2 with most recent security bulletin is still vulnerable based on source code review," the Maddies's post further added.

"This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation. Any other vectors, such as via a web browser, require chaining with an additional exploit. We have notified Android partners and the patch is available on the Android Common Kernel. Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update," Android said in response to the vulnerability identified by the Project Zero team.


TRENDING

OPINION/BLOG/INTERVIEW

'No escape from telephones', this 1953 prediction actually comes true

In 1953, a telephone company chief predicted that therell be no escape from telephones in the future....

With Ayodhya verdict, CJI starts clearing high profile pending cases

Ending all the speculations, the Chief Justice of India Mr. Ranjan Gogoi who is due to retire on November 17 decided to deliver the verdict in Ayodya dispute at 10.30 am on Saturday which is not a working day for the Supreme Court. This is ...

How partnerships and collaborations could enhance teacher training

Monica Malhotra Kandhari, Managing Director, MBD Group shares her views on public private partnership and collaborations in education sector. She supports her propositions with her organisations success stories....

Fixed Test centers would facelift level of WTC in India

The venues for the test matches in India should be fixed so that World Test Championship matches remain fair....

Videos

Latest News

Nearly 75,000 BSNL employees have opted for VRS so far: Chairman

As many as 75,000 employees of Bharat Sanchar Nigam Ltd BSNL have already opted for the VRS scheme which rolled out recently, Chairman and Managing Director of the state-owned telecom corporation PK Purwar said on Thursday. In all, nearly o...

UPDATE 1-Facebook signs lease for office space in Hudson Yards

Facebook Inc signed a lease for over 1.5 million square feet of office space across 30 floors and three buildings in New York Citys Hudson Yards, according to a statement by the luxury and commercial real estate development on Thursday.Huds...

UPDATE 1-U.S. House Speaker seeks to pass trade deal with Mexico, Canada this year

U.S. House Speaker Nancy Pelosi on Thursday said a breakthrough in talks with the Trump administration on the trade pact with Mexico and Canada could be imminent and that she wanted to pass the deal by the end of the year. We are moving pos...

Triple MotoGP world champion Lorenzo retires

Valencia, Nov 14 AFP Three-times MotoGP world champion Jorge Lorenzo, who suffered a fractured spine this season, said Thursday he would retire following the Valencia Grand Prix. The 32-year-old Spaniard who rides for Honda and claimed the ...

Give Feedback