Pixel, Samsung, LG, Xiaomi and other Android phones are affected by zero-day vulnerability

Pixel, Samsung, LG, Xiaomi and other Android phones are affected by zero-day vulnerability
According to ZDNet, Google announced yesterday that an Android vulnerability previously patched back in December 2017 was discovered once again on certain phones running Android 8.x or later. The vulnerability was found in Android's kernel code and could allow a hacker to gain root access over a phone. That would allow a bad actor to steal data from a handset, make changes to the operating system and more.  Google's Project Zero team discovered the vulnerability and its Threat Analysis Group (TAG) found that it was being used in real-world attacks right now.

It appears that this new alert has nothing to do with the zero-day vulnerability that recently affected iOS users. The latter was discovered to be the work of a Chinese state-sponsored group that was conducting surveillance against citizens of China. The models currently affected include:

Google notes that the vulnerability is being exploited now with attacks taking place in the real world making it a true zero-day vulnerability. The company stated that the "exploit requires little or no per-device customization," which means that it might also be found on a wider range of handsets than those listed above. Google's Threat Analysis Group says that this is the work of Israel's NSO Group which has been known to sell surveillance tools and exploits. However, when reached by ZDNet for a comment, the company denied having anything to do with this vulnerability and said, "NSO did not sell and will never sell exploits or vulnerabilities. This exploit has nothing to do with NSO; our work is focused on the development of products designed to help licensed intelligence and law enforcement agencies save lives."

According to a spokesman for the Android Open Source Product, there are certain conditions that need to be met for the vulnerability to be exploited. The good news, as far as Pixel users are concerned, is that the October security update, due out any day, will patch this.


Under Google's policies, the company had to report this issue to the public within seven days, or when a patch is released (whichever came first). To reiterate, the October security update for the Pixels is due any day.

FEATURED VIDEO

13 Comments

1. ph00ny

Posts: 2053; Member since: May 26, 2011

and october security update will probably address if not november

2. apple-rulz

Posts: 2195; Member since: Dec 27, 2016

This is not an issue, all android users are extremely tech savvy so there is no way any android user could have been affected.

4. Alcyone

Posts: 484; Member since: May 10, 2018

No. I was just gonna put my daughters s7 and my s9+ in the trash. Figure thats the best option, right?

5. MsPooks

Posts: 166; Member since: Jul 08, 2019

I read elsewhere that all affected users are recent converts from Apple, who haven't had a chance to doff their ignorance after living in the walled garden that was no better.

6. DBozz

Posts: 66; Member since: Sep 19, 2019

:D good one! Better ignore this guy. He is like that one bird who always come and s**t on the car deliberatly which was just water washed.

14. pupkin

Posts: 149; Member since: Feb 04, 2015

All Android devices connected to the internet is already been hacked. Don’t be a dumb ass and think hard.

7. apple-rulz

Posts: 2195; Member since: Dec 27, 2016

Non sequitur-if they had converted it would have been due to a tech savvy awakening, therefore the ignorance would have been gone already. Nice try though.

13. Plutonium239

Posts: 1232; Member since: Mar 17, 2015

If they were converted they were likely sweet talked into it by a sales rep, being sheep they easily fell for the sales pitch.

3. Humbledude

Posts: 12; Member since: Nov 30, 2012

Oh No!!!! LG will have to push out updates to LG G7 Users on Sprint who have been waiting for AndroidPie since....March.....

8. gadgetpower

Posts: 283; Member since: Aug 23, 2019

This is where apple is better than android. They patch immediately across iphones for security breaches.

11. koioz

Posts: 162; Member since: Nov 29, 2018

You're joking right? Android has monthly security update even though they are little bit slow in update for newer android version. How can say that ios is fater in pacthing vulnerability if the safari bug is around for 2 years? d**b**s

9. AlienKiss

Posts: 199; Member since: May 21, 2019

Does this mean I can root my S8+ this way? :)) Where's the source for this article? I'd really like to look into it.

12. Bogdan88

Posts: 4; Member since: Jan 03, 2016

Damn the comm section is on fire today

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.