Google Project Zero recently discovered that the previously patched zero-day vulnerability affecting Android smartphones in late 2017 is still posing security threat to a series of models that did not receive a proper code update. The affected models include: Pixel / Pixel 2, Samsung Galaxy S7/8/9, Huawei P20, Xiaomi Redmi 5A / Note 5, Xiaomi A1, Oppo A3, Moto Z3, plus all LG handhelds initially launched with Android 8.0 back in 2H 2017.
Unlike other security breaches that only pose a theoretical threat, this zero-day exploit is already being actively exploited by the Israeli-based NSO hacking team, which was responsible for the proliferation of the Pegasus smartphone spyware released in 2016. Google informs that the hackers can gain complete access of the affected phone through malicious code acquired via an untrusted app.
Researcher Maddie Stone explains that “the bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device. If the exploit is delivered via the web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox.”
Pixel and Pixel 2 devices will receive a security update in the next few days, while the other OEMs are strongly advised to update their handheld software in order to include the latest security patch issued by Google, which further cautions users of the aforementioned models to stay away from untrusted apps until the October security update is made available.
Loading Comments
I first stepped into the wondrous IT&C world when I was around seven years old. I was instantly fascinated by computerized graphics, whether they were from games or 3D applications like 3D Max. I'm also an avid reader of science fiction, an astrophysics aficionado, and a crypto geek. I started writing PC-related articles for Softpedia and a few blogs back in 2006. I joined the Notebookcheck team in the summer of 2017 and am currently a senior tech writer mostly covering processor, GPU, and laptop news.
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2019 10 > Older zero-day Android exploit still affects Google Pixel, Samsung Galaxy and other handhelds
Bogdan Solca, 2019-10- 4 (Update: 2019-10- 4)