My Profile Photo

Bencey's Blog

Informing the world about the application of Technology.
If you are looking for Tier III Technologies click the button below

Post: Attackers exploit 0-day vulnerability that gives full control of Android phones

You are able to read the full article Here

Hello everyone and welcome back to another cyber security blog post, In this post I am going to be sharing one of the most recent 0-day exploits that was found in android phones. So lets get going

Some hackers have found a 0-day exploit in Googles Operating system that can get them full control over the phone, This exploit has been reported in being in 18 different models of phones. The exploit is able to be completed if the user installs an untrusted app or by an online attack. Below is a list of phones that have been reported as vulnerable

Pixel 1

Pixel 1 XL

Pixel 2

Pixel 2 XL

Huawei P20

Xiaomi Redmi 5A

Xiaomi Redmi Note 5

Xiaomi A1

Oppo A3

Moto Z3

Oreo LG phones

Samsung S7

Samsung S8

Samsung S9

One of the developers from google stated that fixing this exploit is a high priority for them and some patches for some of the pixel phones are going to be rolled out in this months security update. Unfortunatly they have not stated when patches are going to be rolled out for all of the other phones.

The use-after-free vulnerability originally appeared in the Linux kernel and was patched in early 2018 in version 4.14, without the benefit of a tracking CVE. That fix was incorporated into versions 3.18, 4.4, and 4.9 of the Android kernel. For reasons that weren’t explained in the post, the patches never made their way into Android security updates. That would explain why earlier Pixel models are vulnerable and later ones are not. The flaw is now tracked as CVE-2019-2215. 🤦

While the vulnerability reported on Thursday is serious, vulnerable Android users shouldn’t panic. The chances of being exploited by attacks as expensive and targeted as the one described by Project Zero are extremely slim. Just the same, it may make sense to hold off installing non-essential apps and to use a non-Chrome browser until after the patch is installed.

Well that’s about it for this blog post. As always if you enjoy my content you can support me by becoming a patreon Here This allows me to make blogging a full-time job and gives me more time to blog as I do not need to get a part-time job. When you become a patreon you unlock perks such as premium support, Custom roles in the discord, Access to bot code and much more. I would highly suggest checking it out.

Thanks for your support