A newly discovered an android vulnerability that affects a wide range of devices from Google, Samsung, Xiaomi, LG, Huawei, and some other manufacturers.
The vulnerability was discovered by Google’s security group, Project Zero, last week and is already being exploited by attackers. According to the post published about the vulnerability, there is little or no customization required to root a phone that is infected.
There are speculations that the bug is being used by NSO, a security software firm based in Israel. However, a spokesperson for the company said: “NSO did not sell and will never sell exploits or vulnerabilities,”.
It was also reported that the bug was fixed in earlier versions 3.18, 4.4, and 4.9 of AOSP Android Kernel in December 2017 but has re-emerged in new versions.
Below is a list of affected devices:
- Pixel 2
- Huawei P20
- Redmi 5A
- Redmi Note 5
- Xiaomi Mi A1
- OPPO A3
- Moto Z3
- LG phones running Android Oreo
- Samsung Galaxy S7
- Samsung Galaxy S8
- Samsung Galaxy S9
The vulnerability needs to be exploited locally, so users are advised not to download apps from untrusted sources until an update that nullifies the threat has been rolled out.
UP NEXT: Android 10 update for OnePlus 7 series has not rolled out to everyone yet
