Google's Project Zero team has discovered a new Android Zero-Day vulnerability affecting popular brand smartphones and provides unauthorized access to the affected devices. Today, Google researchers found some important pieces of evidence which prove the existent of this vulnerability.
More About The New Android Zero-Day Vulnerability
It has been found that the new Zero-Day vulnerability resides in the Android device OS Linux kernel code which can be used by the hackers to gain root access to the affected Android smartphones.
It is to be noted that this vulnerability was patched back in December 2017 in Linux Kernel versions 3.18 LTS, 4.14, 4.4, and 4.9. However, the newer Linux Kernel versions are found to be vulnerable.
According to Google researchers, the "exploit requires little or no per-device customization,". This means that this vulnerability will affect a wide range of devices,
Lists Of Affected Devices
According to the blog post published by Google's Project Zero, the smartphones that are vulnerable to the flaw are from the popular mobile tech companies like Google, Huawei, Xiaomi, Samsung, and Oppo. These devices are mainly running on Android 8.x or later.
The list of vulnerable Android Smartphones:
- Google Pixel 1
- Google Pixel 1 XL
- Google Pixel 2 running Android 9 and Android 10 preview
- Google Pixel 2 XL
- Xiaomi Redmi 5A
- Xiaomi Redmi Note 5
- Xiaomi Redmi A1
- Huawei P20
- Oppo A3
- Moto Z3
- Oreo LG phones
- Samsung Galaxy S7
- Samsung Galaxy S8
- Samsung Galaxy S9
Google's Threat Analysis Group (TAG) has declared that the vulnerability is already being used in the real world. And it has been found that there is a link between the NSO group and the Zero-Day vulnerability.
For your knowledge, the NSO Group is a cyber intelligence firm of Isreal and is considered to develop exploits and find vulnerabilities and sell them to third parties. The famous Pegasus spyware was developed by NSO in 2016 which could easily break an Android or iOS device and access users' data.
The team members of Project Zero are working on to find a fix for this flaw and they have been assigned to do this in 90 days. It is suggested that Google Pixel smartphones will be first to receive the patch.