You are able to read the full article Here
Hello everyone and welcome back to another cyber security blog post, In this post I am going to be sharing one of the most recent 0-day exploits that was found in android phones. So lets get going
Some hackers have found a 0-day exploit in Googles Operating system that can get them full control over the phone, This exploit has been reported in being in 18 different models of phones. The exploit is able to be completed if the user installs an untrusted app or by an online attack. Below is a list of phones that have been reported as vulnerable
Pixel 1 XL
Pixel 2 XL
Xiaomi Redmi 5A
Xiaomi Redmi Note 5
Oreo LG phones
One of the developers from google stated that fixing this exploit is a high priority for them and some patches for some of the pixel phones are going to be rolled out in this months security update. Unfortunatly they have not stated when patches are going to be rolled out for all of the other phones.
The use-after-free vulnerability originally appeared in the Linux kernel and was patched in early 2018 in version 4.14, without the benefit of a tracking CVE. That fix was incorporated into versions 3.18, 4.4, and 4.9 of the Android kernel. For reasons that weren’t explained in the post, the patches never made their way into Android security updates. That would explain why earlier Pixel models are vulnerable and later ones are not. The flaw is now tracked as CVE-2019-2215. 🤦
While the vulnerability reported on Thursday is serious, vulnerable Android users shouldn’t panic. The chances of being exploited by attacks as expensive and targeted as the one described by Project Zero are extremely slim. Just the same, it may make sense to hold off installing non-essential apps and to use a non-Chrome browser until after the patch is installed.
Well that’s about it for this blog post. As always if you enjoy my content you can support me by becoming a patreon Here This allows me to make blogging a full-time job and gives me more time to blog as I do not need to get a part-time job. When you become a patreon you unlock perks such as premium support, Custom roles in the discord, Access to bot code and much more. I would highly suggest checking it out.
Thanks for your support