Older zero-day Android exploit still affects Google Pixel, Samsung Galaxy and other handhelds

The older 0-day exploit allows hackers to gain full control of the affected smartphone through pieces of code hidden in an untrusted app. (Source: Portal GDA)

Many models that launched with Android 8.0 are still affected by a 0-day vulnerability that was not properly patched in 2017. The list of models includes: Google's Pixel 1 and 2, Samsung's Galaxy S7/8/9, Huawei P20, Xiaomi Redmi 5A / Note 5, Xiaomi A1, Oppo A3, Moto Z3, and all LG's smartphones launched in 2H 2017.

Bogdan Solca, Published 10/04/2019

Google Project Zero recently discovered that the previously patched zero-day vulnerability affecting Android smartphones in late 2017 is still posing security threat to a series of models that did not receive a proper code update. The affected models include: Pixel / Pixel 2, Samsung Galaxy S7/8/9, Huawei P20, Xiaomi Redmi 5A / Note 5, Xiaomi A1, Oppo A3, Moto Z3, plus all LG handhelds initially launched with Android 8.0 back in 2H 2017.

Unlike other security breaches that only pose a theoretical threat, this zero-day exploit is already being actively exploited by the Israeli-based NSO hacking team, which was responsible for the proliferation of the Pegasus smartphone spyware released in 2016. Google informs that the hackers can gain complete access of the affected phone through malicious code acquired via an untrusted app.

Researcher Maddie Stone explains that “the bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device. If the exploit is delivered via the web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox.”

Pixel and Pixel 2 devices will receive a security update in the next few days, while the other OEMs are strongly advised to update their handheld software in order to include the latest security patch issued by Google, which further cautions users of the aforementioned models to stay away from untrusted apps until the October security update is made available.

Source(s)

Gooogle Project Zero

via PCWorld

The Apache log4j vulnerability can potentially be used by threat actors to hack into Steam, Twitter, and other services (Image source: Panda Security)

Apache Log4j zero-day exploit could be used by hackers to target users on Steam, Twitter, Amazon, and other platforms 12/12/2021

Redmi has partnered with the Terminator franchise for a special Spanish event. (Source: Redmi)

The new Terminator movie sponsors a special sales event for the Redmi Note 8 Pro in Spain 10/27/2019

The Motorola Moto G8 Plus. (Source: Motorola)

Motorola unveils the Moto G8 Plus, announces new markets for the One Macro 10/24/2019

This may be what the Moto G8 Play looks like. (Source: Tudocelular)

The Moto G8 Play leaks, revealing triple cameras and a waterdrop-notched screen 10/18/2019

A 5G version of the Reno2 may be in the works. (Source: SoyaCincau)

A new Snapdragon 855 OPPO phone shows up on Geekbench 5 10/16/2019

The OPPO K5 is now official. (Source: OPPO)

OPPO unveils the new Snapdragon 730G-powered K5 10/13/2019

The Galaxy Note 10 is now said to be getting a cheaper variant. (Source: CNET)

Samsung may release further 'budget' versions of the Galaxy S10 and Note 10 10/12/2019

Xiaomi could have some advanced screen specs in the works. (Source: GSMArena)

Xiaomi could be the next OEM to the 120Hz display: new rumor 10/11/2019

OPPO Reno A with Snapdragon 710 now available in Japan for JP ¥35,800 (about US $330) 10/09/2019

Pokemon GO reportedly mistakes some MIUI users for cheaters. (Source: Niantic)

Pokemon GO reportedly bans Android players for running a certain version of MIUI 10/05/2019

The Reno2 F is the latest in its series. (Source: GSMArena)

OPPO will launch its Reno2 series in the UK in October 2019 10/04/2019

The putative Enjoy 10. (Source: Twitter)

Huawei allegedly adds a new device to its Enjoy smartphone series 10/04/2019

Chromebooks may get a new recovery method soon. (Source: MobileSyrup)

Chromebooks may become recoverable using an Android device soon 10/03/2019

Researchers at Symantec discover media file vulnerability in WhatsApp and Telegram 07/17/2019

PC-Doctor Tool For Windows is also believed to be vulnerable to cyber attacks. (Image source: Lifewire)

Cybersecurity company finds worrying vulnerability affecting millions of Dell laptops and desktops 06/22/2019

Razer is now working on a fix for the affected models released prior to 2016. (Source: Razer)

Razer's laptops confirmed to be affected by critical vulnerability 04/09/2019

Asus releases patch to fix Operation ShadowHammer vulnerability in Live Update Utility 03/26/2019

Loading Comments

Comment on this article

Google Shopping re-launches in the ...

Huawei allegedly adds a new device ...

Bogdan Solca - Senior Tech Writer - 2343 articles published on Notebookcheck since 2017

I first stepped into the wondrous IT&C world when I was around seven years old. I was instantly fascinated by computerized graphics, whether they were from games or 3D applications like 3D Max. I'm also an avid reader of science fiction, an astrophysics aficionado, and a crypto geek. I started writing PC-related articles for Softpedia and a few blogs back in 2006. I joined the Notebookcheck team in the summer of 2017 and am currently a senior tech writer mostly covering processor, GPU, and laptop news.

contact me via: Facebook

Please share our article, every link counts!