Newly discovered zero-day allows attackers root access of Pixels, Samsungs, among others


4, 2019

A newly discovered zero-day vulnerability was detailed by Google this week. The vulnerability allows attackers to gain access to select devices running Android 8 or later. 

These included:

  • Pixel 2 with Android 9 and Android 10 preview
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi A1
  • Oppo A3
  • Moto Z3
  • Oreo LG phones
  • Samsung S7, S8, S9

While Google does say the flaw should work on a wide range of devices, it has only been able to confirm it on the following devices. The good news is that the firm can fix this quickly for Android 10 devices. One of the features that came with the update was the ability to install security updates from the Play Store, which means that vulnerable devices going forward would be easily patched as simply as one updates an app.

The better news is that the flaw isn’t exploitable remotely. A user must first install a malicious application first for it to really do some damage. Nevertheless, Google is patching this as soon as it can.

“We have notified Android partners and the patch is available on the Android Common Kernel. Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update,” Google said. 

Via: ZDNet

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}