Google's zero day security researchers have found a critical vulnerability in its Android operating system that would allow hackers to gain access to gain full access to at least 18 smartphones, including its own Pixel smartphones. The company disclosed the exploit just seven days after discovering it adding that the vulnerability has already been used in the wild.
"The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device.If the exploit is delivered via the Web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox," Google's project zero researcher Maddie Stone said in a post.
In the post Stone said that this vulnerability can be exploited in two ways. First, hackers can target smartphones by making users install untrusted app. Second, hackers can combine the exploit with a second exploit that would target a vulnerability in the code of the Chrome web browser. What's scary is that the exploit requires "little or no per-device customization."
If you not scared enough, there is more. This vulnerability was allegedly used by the Israel based NSO Group, which is famous for its spyware software called Pegasus that can reportedly provide rooted access to iPhones and Android devices.
"I received technical information from TAG and external parties about an Android exploit that is attributed to NSO group...The bug was allegedly being used or sold by the NSO Group," Stone wrote.
Here is a list of phones that are affected by this vulnerability:
Now the good news. While this exploit works on Pixel and Pixel 2 series smartphones, Pixel 3a series smartphones are immune to it. Google issued a security patch to fix this vulnerabilty Android 3.18, Android 4.4, Android 4.9, however, the Pixel 2 running on the latest security update is still susceptible to it. Google would be issuing a patch to fix this vulnerability in Android's October security patch. It has also notified its partners who will roll out a security update on to the affected devices soon.
