Newly discovered zero-day allows attackers root access of Pixels, Samsungs, among others

Reading time icon 2 min. read

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

A newly discovered zero-day vulnerability was detailed by Google this week. The vulnerability allows attackers to gain access to select devices running Android 8 or later. 

These included:

  • Pixel 2 with Android 9 and Android 10 preview
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi A1
  • Oppo A3
  • Moto Z3
  • Oreo LG phones
  • Samsung S7, S8, S9

While Google does say the flaw should work on a wide range of devices, it has only been able to confirm it on the following devices. The good news is that the firm can fix this quickly for Android 10 devices. One of the features that came with the update was the ability to install security updates from the Play Store, which means that vulnerable devices going forward would be easily patched as simply as one updates an app.

The better news is that the flaw isn’t exploitable remotely. A user must first install a malicious application first for it to really do some damage. Nevertheless, Google is patching this as soon as it can.

“We have notified Android partners and the patch is available on the Android Common Kernel. Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update,” Google said. 

Via: ZDNet

More about the topics: android, android 10, google, security

Leave a Reply

Your email address will not be published. Required fields are marked *