Pixel, Samsung, LG, Xiaomi and other Android phones are affected by zero-day vulnerability

Pixel, Samsung, LG, Xiaomi and other Android phones are affected by zero-day vulnerability
According to ZDNet, Google announced yesterday that an Android vulnerability previously patched back in December 2017 was discovered once again on certain phones running Android 8.x or later. The vulnerability was found in Android's kernel code and could allow a hacker to gain root access over a phone. That would allow a bad actor to steal data from a handset, make changes to the operating system and more.  Google's Project Zero team discovered the vulnerability and its Threat Analysis Group (TAG) found that it was being used in real-world attacks right now.

It appears that this new alert has nothing to do with the zero-day vulnerability that recently affected iOS users. The latter was discovered to be the work of a Chinese state-sponsored group that was conducting surveillance against citizens of China. The models currently affected include:

Google notes that the vulnerability is being exploited now with attacks taking place in the real world making it a true zero-day vulnerability. The company stated that the "exploit requires little or no per-device customization," which means that it might also be found on a wider range of handsets than those listed above. Google's Threat Analysis Group says that this is the work of Israel's NSO Group which has been known to sell surveillance tools and exploits. However, when reached by ZDNet for a comment, the company denied having anything to do with this vulnerability and said, "NSO did not sell and will never sell exploits or vulnerabilities. This exploit has nothing to do with NSO; our work is focused on the development of products designed to help licensed intelligence and law enforcement agencies save lives."

According to a spokesman for the Android Open Source Product, there are certain conditions that need to be met for the vulnerability to be exploited. The good news, as far as Pixel users are concerned, is that the October security update, due out any day, will patch this.


Under Google's policies, the company had to report this issue to the public within seven days, or when a patch is released (whichever came first). To reiterate, the October security update for the Pixels is due any day.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless