Google’s Project Zero team has detected an Android vulnerability that is being used to exploit Android kernel versions in the real world, ZDNet reports. Google fixed this vulnerability in older Android versions back in 2017 that allows the attackers to gain root access to mobile devices.[wpinsertshortcodead id=”zxikm5d3e04a8f1451″]
As per the report, Pixel 2, and the devices by Samsung, Motorola, Xiaomi, OPPO, and Huawei are getting affected by this vulnerability. Researchers find that the vulnerability affects the following models, which are running on Android 8 or later:
- Pixel 2 with Android 9 and Android 10 preview
- Huawei P20
- Xiaomi Redmi 5A
- Xiaomi Redmi Note 5
- Xiaomi A1
- Oppo A3
- Moto Z3
- Oreo LG phones
- Samsung S7, S8, S9
Google researchers also noted, “We have evidence that this bug is being used in the wild. Therefore, this bug is subject to a 7-day disclosure deadline. After 7 days elapse or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public.”
The search giant company’s Threat Analysis Group (TAG) confirmed that the vulnerability has already been used in the real-world to attack. TAG also believes that the Android zero-day is the work of the Israeli-based company NSO group, which sells exploits and surveillance tools.
A spokesperson of the Android Open Source Project mentioned, “This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation. Any other vectors, such as via a web browser, require chaining with an additional exploit.” However, the fix is available on the Android Common Kernel. Moreover, Pixel 3 and 3a devices aren’t affected, whereas the Pixel 1 and Pixel 2 devices will be patched with the October Update.