Google Warns Zero-Day Bug For Android Under Active Attack

Google has issued a warning about an Android zero-day flaw that is being actively exploited in the wild. The flaw impacts 18 Android models, including Google’s flagship Pixel as well as devices from Samsung, Huawei and Xiaomi.

Project Zero member Maddie Stone wrote in a technical post that the unpatched vulnerability (CVE-2019-2215) can be exploited in several ways. In one scenario, a target is enticed to download a rogue app. The second method of infection involves chaining the bug with an additional vulnerability in code the Chrome browser uses to render content.

“It is a kernel privilege escalation [bug] using a use-after free vulnerability, accessible from inside the Chrome sandbox,” Stone said. “The vulnerability is exploitable in Chrome’s renderer processes under Android’s ‘isolated_app’ SELinux domain, leading to us suspecting Binder as the vulnerable component.”

A patch for the vulnerability is expected in the next few days as part of Google’s October Android security update.

The list of vulnerable devices includes: Pixel 1, Pixel 1 XL, Pixel 2, Pixel 2 XL, Huawei P20, Xiaomi Redmi 5A, Xiaomi Redmi Note, Xiaomi A1, Oppo A3, Moto Z3, Oreo LG phones, Samsung S7, Samsung S8 and Samsung S9.


Patrick Domingues
