Notebookcheck
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Older zero-day Android exploit still affects Google Pixel, Samsung Galaxy and other handhelds

The older 0-day exploit allows hackers to gain full control of the affected smartphone through pieces of code hidden in an untrusted app. (Source: Portal GDA)
The older 0-day exploit allows hackers to gain full control of the affected smartphone through pieces of code hidden in an untrusted app. (Source: Portal GDA)
Many models that launched with Android 8.0 are still affected by a 0-day vulnerability that was not properly patched in 2017. The list of models includes: Google's Pixel 1 and 2, Samsung's Galaxy S7/8/9, Huawei P20, Xiaomi Redmi 5A / Note 5, Xiaomi A1, Oppo A3, Moto Z3, and all LG's smartphones launched in 2H 2017.
Bogdan Solca,
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Google Project Zero recently discovered that the previously patched zero-day vulnerability affecting Android smartphones in late 2017 is still posing security threat to a series of models that did not receive a proper code update. The affected models include: Pixel / Pixel 2, Samsung Galaxy S7/8/9, Huawei P20, Xiaomi Redmi 5A / Note 5, Xiaomi A1, Oppo A3, Moto Z3, plus all LG handhelds initially launched with Android 8.0 back in 2H 2017.

Unlike other security breaches that only pose a theoretical threat, this zero-day exploit is already being actively exploited by the Israeli-based NSO hacking team, which was responsible for the proliferation of the Pegasus smartphone spyware released in 2016. Google informs that the hackers can gain complete access of the affected phone through malicious code acquired via an untrusted app.

Researcher Maddie Stone explains that “the bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device. If the exploit is delivered via the web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox.”

Pixel and Pixel 2 devices will receive a security update in the next few days, while the other OEMs are strongly advised to update their handheld software in order to include the latest security patch issued by Google, which further cautions users of the aforementioned models to stay away from untrusted apps until the October security update is made available.

static version load dynamic
Loading Comments
Comment on this article
Bogdan Solca
Bogdan Solca - Senior Tech Writer - 1577 articles published on Notebookcheck since 2017
I first stepped into the wondrous IT&C world when I was around seven years old. I was instantly fascinated by computerized graphics, whether they were from games or 3D applications like 3D Max. I'm also an avid reader of science fiction, an astrophysics aficionado, and a crypto geek. I started writing PC-related articles for Softpedia and a few blogs back in 2006. I joined the Notebookcheck team in the summer of 2017 and am currently a senior tech writer mostly covering processor, GPU, and laptop news.
contact me via: Facebook
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2019 10 > Older zero-day Android exploit still affects Google Pixel, Samsung Galaxy and other handhelds
Bogdan Solca, 2019-10- 4 (Update: 2019-10- 4)