The Project Zero team, made up of Google's security engineers and researchers, recently discovered one of the biggest security flaws in Android. One Google spokesman even described this problem as "very serious" by the number of devices affected and it seems that this vulnerability could Was already exploited by cyber criminals.
Even the Project Zero team usually agrees to publish the vulnerability discovery 90 days after it is sent to the affected company, so they have time to fix it before the information is published.However, Project Zero provided it to the Android team 7 days to resolve the issue, where the report was submitted to That team on September 27.
The report notes that the vulnerability lies in the kernel code for Android, which is the basis of the operating system, and can be exploited so that the attacker can access the root of the device.
In simpler terms, this vulnerability ensures that someone has full access to your device and can remotely control it, without the user noticing that someone else has access to all the data on the device.
The list of affected devices for this vulnerability is as follows:
Pixel 1
Pixel 1 XL
Pixel 2
Pixel 2 XL
Huawei P20
Xiaomi Redmi 5A
Xiaomi Redmi Note 5
Xiaomi A1
Oppo A3
Moto Z3
Teléfonos Android Oreo LG
Samsung Galaxy S7
Samsung Galaxy S8
Samsung Galaxy S9
The list is extensive, affecting millions of people around the world, but the most dangerous thing is that Project Zero's team says that this list is not final, so there may be more phones affected by this vulnerability.
In fact, all computers running Android 8.0 Oreo and beyond are likely to be at risk.
In the case of Google and Samsung, both companies have already launched a security update that solves the problem, all you have to do is install the latest security patch for the two companies launched in October.
Google has already deployed a security patch for its partners, but it is up to them to start the update on their device. On the other hand, Google explained that Pixel 3 and Pixel 3a are out of danger.
Google itself reported that its own vulnerability was already corrected in December 2017, however, it has reappeared in future versions of the kernel for Android.
This loophole is also believed to have been used or sold by the NSO group in Israel, which participates in malicious programs used by governments even to spy on journalists and activists.
0 Comments