Critical Unpatched Zero-day Vulnerability found in Android OS


This is an era of cybersecurity attacks targeting smartphones, with vulnerabilities in operating systems like Android on the rise. Maddie Stone, a member of Google’s Project Zero team, has discovered a critical unpatched zero-day vulnerability (tracked as CVE-2019-2215) affecting the Android operating system.

Can you imagine someone is stealing all your data and personal information from your smartphone?

The flaw is a use-after-free zero-day vulnerability and resides in the kernel code of Android’s operating system. 

The flaw lets an attacker gain full control of your phone. The worst part is that there is evidence that it is being actively exploited in the wild.

Since the bug is already being exploited in the real world, Google’s security researchers gave the Android team only seven days to fix it before making their findings public.

According to Stone, the vulnerability tracked as CVE-2019-2215 affects “most Android devices pre-Fall 2018”.

“The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device. If the exploit is delivered via the web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox,” Google’s Project Zero researcher Maddie Stone said.

Brains behind the bug 

Google’s Threat Analysis Group (TAG) said it believes the Android zero-day is the work of NSO Group, a well-known Israel-based spyware vendor known to sell exploits and surveillance tools such as the Pegasus spyware for Android and iOS.

Are you one of them?

 So far Project Zero has confirmed that the issue affects the following models:

  • Pixel 2 with Android 9 and Android 10 preview
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi A1
  • Oppo A3
  • Moto Z3
  • Oreo LG phones
  • Samsung S7, S8, S9

Not as dangerous as it could have been!

The good news is that this Android zero-day is not as dangerous as past zero-day flaws. For starters, it’s not an RCE (Remote Code Execution) vulnerability.

What can you do to protect yourself?

  • Keep your software and security patches up to date by installing the latest software releases.
  • Most software vendors quickly patch a security vulnerability. Check for a solution when a zero-day vulnerability is announced.
  • Establish safe and effective personal online security habits.

Don’t underestimate the threat! 

Cybercriminals will always try to exploit vulnerabilities and gain access to your devices. They can use your information for a range of cybercrimes including identity theft, bank fraud, etc.

The patch for the vulnerability is expected to be released in October’s Android Security Bulletin.
