Latest in Gear

Image credit:

Google found a serious Android flaw affecting Pixel, Samsung and Huawei phones

It impacts devices running Android 8.x and later versions.
678 Shares
Share
Tweet
Share
Save

Sponsored Links

Google researchers have discovered an unpatched vulnerability on its own Android OS that affect the Pixel 1 and 2, Huawei P20, Samsung Galaxy S7, S8, and S9 and other devices. It disclosed the problem just seven days after finding it, as the exploit is a "zero-day" that is already being exploited in the wild. Oddly, the bug -- which affects Android 8.x and later -- was discovered and patched in December 2017 on earlier versions of the OS. However, the fix was apparently not carried over to newer versions.

The exploit was discovered by Google's Project Zero team, and its Threat Analysis Group believes it was used in real-world attacks by Israel's NSO Group. That company has been implicated in the past in attacks on human rights and political activists.

Google said that the zero-day is not as dangerous as others in the past, as it "requires installation of a malicious application for potential exploitation," said an Android representative. That means it can't be triggered by a web browser or other app without additional exploits already in place.

Google has angered other tech companies in the past by revealing vulnerabilities before they're patched, but at least it's following its own guidelines here. The company said that it notified Android partners and made the patch available for the Android Common Kernel. "Pixel 3 and 3a devices are not vulnerable, while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update," the team added. Other devices affected are the Xioami Redmi 5A, Xiaomi Redmi Note 5, Xiaomi A1, Oppo A3 and the Moto Z3.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
678 Shares
Share
Tweet
Share
Save

Popular on Engadget

Radiohead's online 'library' hosts rarities, art and merch

Radiohead's online 'library' hosts rarities, art and merch

View
Discovery shows early galaxies could have very short lives

Discovery shows early galaxies could have very short lives

View
Google CEO Sundar Pichai calls for 'sensible regulation' of AI

Google CEO Sundar Pichai calls for 'sensible regulation' of AI

View
The Morning After: Apple teams up with the creator of 'Bob's Burgers'

The Morning After: Apple teams up with the creator of 'Bob's Burgers'

View
FBI seizes site dedicated to selling data breach information

FBI seizes site dedicated to selling data breach information

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr