Google’s Project Zero researchers have discovered a critical security flaw in the company’s own Android operating system that affected some popular smartphones across brands. The researchers claim the “zero-day” flaw was exploited in the real world by Israel’s NSO Group, known for the Pegasus interception software.
The flaw affected recent versions of Google’s Android, 8.x and above. Interestingly enough, the bug was fixed in earlier iterations of Android (3.18, 4.4, 4.9) but later resurfaced.
According to Google researchers, the Android vulnerability affects the following phones: Samsung S7, Samsung S8 and Samsung 9, LG Oreo, Moto Z3, Oppo A3, Xiaomi Mi A1, Xiaomi Redmi Note 5 and Xiaomi Redmi 5A, Huawei P20, and Google’s own Pixel 2 with Android 9 and Android 10.
Researchers also pointed out that while the security flaw was quite critical, it wasn’t as dangerous as other zero-day exploits.
“This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation. Any other vectors, such as via web browser, require chaining with an additional exploit,” an Android spokesperson explained on the official forum.
“We have notified Android partners and the patch is available on the Android Common Kernel. Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update.”
