Latest in Gear

Image credit:

Google found a serious Android flaw affecting Pixel, Samsung and Huawei phones

It impacts devices running Android 8.x and later versions.
680 Shares
Share
Tweet
Share

Sponsored Links

Google researchers have discovered an unpatched vulnerability on its own Android OS that affect the Pixel 1 and 2, Huawei P20, Samsung Galaxy S7, S8, and S9 and other devices. It disclosed the problem just seven days after finding it, as the exploit is a "zero-day" that is already being exploited in the wild. Oddly, the bug -- which affects Android 8.x and later -- was discovered and patched in December 2017 on earlier versions of the OS. However, the fix was apparently not carried over to newer versions.

The exploit was discovered by Google's Project Zero team, and its Threat Analysis Group believes it was used in real-world attacks by Israel's NSO Group. That company has been implicated in the past in attacks on human rights and political activists.

Google said that the zero-day is not as dangerous as others in the past, as it "requires installation of a malicious application for potential exploitation," said an Android representative. That means it can't be triggered by a web browser or other app without additional exploits already in place.

Google has angered other tech companies in the past by revealing vulnerabilities before they're patched, but at least it's following its own guidelines here. The company said that it notified Android partners and made the patch available for the Android Common Kernel. "Pixel 3 and 3a devices are not vulnerable, while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update," the team added. Other devices affected are the Xioami Redmi 5A, Xiaomi Redmi Note 5, Xiaomi A1, Oppo A3 and the Moto Z3.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
680 Shares
Share
Tweet
Share

Popular on Engadget

NASA picks space tourism outfit for its first commercial ISS module

NASA picks space tourism outfit for its first commercial ISS module

View
Billie Eilish proved anyone can access Grammy-winning gear

Billie Eilish proved anyone can access Grammy-winning gear

View
Intel is patching its Zombieload CPU security flaw for the third time

Intel is patching its Zombieload CPU security flaw for the third time

View
Atari-themed gaming hotels are coming to eight US cities

Atari-themed gaming hotels are coming to eight US cities

View
The company behind the Eve V laptop is back with crowd-developed monitors

The company behind the Eve V laptop is back with crowd-developed monitors

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr