Android security continues to evolve. Monthly patches are able to prevent
existing threats, while Google Play Protect combing malware from the Play
Store.
Despite this achievement, there are still instances of the person out there
that can exploit the Android code for malicious purposes.
The Google Project Zero team recently reported that incident, and you might
be at risk if you have one of the vulnerable phones that Google has listed.
The vulnerabilities in question affect Android kernel code, allowing a
hacker to gain root access through malicious sideload apps. With root access,
attackers can manipulate privileges, steal data, and even damage the operating
system.
Google initially discovered this vulnerability in the year 2017. The
security patches released in December 2017 shut down exploit in the 4.14 LTS
kernel, as well as the AOSP Android 3.18, 4.4, and 4.9 kernels.
However, some of the most popular Android devices recently discovered are
still vulnerable to this Zero-Day special threat.
Here is a list of vulnerable phones affected by Zero-Day threats:
Pixel 1 and 2
Huawei P20
Xiaomi A1, Redmi 5A, Redmi Note 5
Oppo A3
Moto Z3
LG phones with Android 8 Oreo
Samsung Galaxy S7, S8, S9
The Google Project Zero confirms this bug has been exploited in a number of
active handsets and marks that weakness as a high priority.
Impacted Pixel phones will receive a security patch in October that will
resolve vulnerable. But the rest of the devices in this list are not yet known
when the security update will be released.
Hopefully each OEM can launch an update ASAP.
Tidak ada komentar:
Posting Komentar