Notebookcheck

Older zero-day Android exploit still affects Google Pixel, Samsung Galaxy and other handhelds

The older 0-day exploit allows hackers to gain full control of the affected smartphone through pieces of code hidden in an untrusted app. (Source: Portal GDA)
The older 0-day exploit allows hackers to gain full control of the affected smartphone through pieces of code hidden in an untrusted app. (Source: Portal GDA)
Many models that launched with Android 8.0 are still affected by a 0-day vulnerability that was not properly patched in 2017. The list of models includes: Google's Pixel 1 and 2, Samsung's Galaxy S7/8/9, Huawei P20, Xiaomi Redmi 5A / Note 5, Xiaomi A1, Oppo A3, Moto Z3, and all LG's smartphones launched in 2H 2017.

Google Project Zero recently discovered that the previously patched zero-day vulnerability affecting Android smartphones in late 2017 is still posing security threat to a series of models that did not receive a proper code update. The affected models include: Pixel / Pixel 2, Samsung Galaxy S7/8/9, Huawei P20, Xiaomi Redmi 5A / Note 5, Xiaomi A1, Oppo A3, Moto Z3, plus all LG handhelds initially launched with Android 8.0 back in 2H 2017.

Unlike other security breaches that only pose a theoretical threat, this zero-day exploit is already being actively exploited by the Israeli-based NSO hacking team, which was responsible for the proliferation of the Pegasus smartphone spyware released in 2016. Google informs that the hackers can gain complete access of the affected phone through malicious code acquired via an untrusted app.

Researcher Maddie Stone explains that “the bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device. If the exploit is delivered via the web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox.”

Pixel and Pixel 2 devices will receive a security update in the next few days, while the other OEMs are strongly advised to update their handheld software in order to include the latest security patch issued by Google, which further cautions users of the aforementioned models to stay away from untrusted apps until the October security update is made available.

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team! Especially English native speakers welcome!

Currently wanted: 
News and Editorial Editor - Details here

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2019 10 > Older zero-day Android exploit still affects Google Pixel, Samsung Galaxy and other handhelds
Bogdan Solca, 2019-10- 4 (Update: 2019-10- 4)
Bogdan Solca
Bogdan Solca - News Editor
I stepped into the wonderous IT&C world when I was around 7. I was instantly fascinated by computerized graphics, be them from games or 3D applications like 3D Max. I like to keep myself up to date with all the new technologies that get released at an ever increasing rate these days. I'm also an avid SciFi reader, an astrophysics aficionado and, as of late, a crypto geek.