Latest in Gear

Image credit:

Google found a serious Android flaw affecting Pixel, Samsung and Huawei phones

It impacts devices running Android 8.x and later versions.
671 Shares
Share
Tweet
Share
Save

Sponsored Links

Google researchers have discovered an unpatched vulnerability on its own Android OS that affect the Pixel 1 and 2, Huawei P20, Samsung Galaxy S7, S8, and S9 and other devices. It disclosed the problem just seven days after finding it, as the exploit is a "zero-day" that is already being exploited in the wild. Oddly, the bug -- which affects Android 8.x and later -- was discovered and patched in December 2017 on earlier versions of the OS. However, the fix was apparently not carried over to newer versions.

The exploit was discovered by Google's Project Zero team, and its Threat Analysis Group believes it was used in real-world attacks by Israel's NSO Group. That company has been implicated in the past in attacks on human rights and political activists.

Google said that the zero-day is not as dangerous as others in the past, as it "requires installation of a malicious application for potential exploitation," said an Android representative. That means it can't be triggered by a web browser or other app without additional exploits already in place.

Google has angered other tech companies in the past by revealing vulnerabilities before they're patched, but at least it's following its own guidelines here. The company said that it notified Android partners and made the patch available for the Android Common Kernel. "Pixel 3 and 3a devices are not vulnerable, while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update," the team added. Other devices affected are the Xioami Redmi 5A, Xiaomi Redmi Note 5, Xiaomi A1, Oppo A3 and the Moto Z3.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
671 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget’s guide to Home Entertainment

Engadget’s guide to Home Entertainment

View
US says digital assets are covered by money laundering and disclosure laws

US says digital assets are covered by money laundering and disclosure laws

View
San Francisco's proposed office would prevent 'reckless' tech rollouts

San Francisco's proposed office would prevent 'reckless' tech rollouts

View
Porsche's Macan EV will fully replace its gas counterpart in a few years

Porsche's Macan EV will fully replace its gas counterpart in a few years

View
Crowdfunded case will give your Windows PC that Mac Pro look

Crowdfunded case will give your Windows PC that Mac Pro look

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr