Experts from Google's Project Zero security research team reported a bug that would allow cybercriminals to take remote control of a third-party device. The vulnerability, CVE-2019-0797, is a 'zero-day': a security gap in software, which can be found in browsers or applications.
Google researchers found this bug on September 27 and gave the Android team seven days to fix it. On October 4, the Google Project Zero report was made public.
In their blog, the experts presented a list of the models that, according to their estimates, are vulnerable to attack by malicious code: Pixel 2, with Android 9 and Android 10 software; Huawei P20; Xiaomi Redmi 5A, Xiaomi Redmi Note 5 and Xiaomi A1; Oppo A3; Moto Z3; LG phones with the Android Oreo operating system; and the Samsung S7, S8 and S9.
A spokesman for the Android team, commenting on the Google researchers' report, confirmed in a statement that it is a "high severity" problem and that Android partners have been informed. However, he said that this flaw cannot be exploited without user interaction: it requires the installation of a malicious application or an additional 'exploit' (software fragment), which is distributed through a web browser.
"The patch is available in Android Common Kernel. (The devices) Pixel 3 and 3a do not look vulnerable, while Pixel 1 and 2 will receive updates for this problem, as part of the October update," says the statement.
This is not the first time this vulnerability has arisen. It was first detected in 2017. At that time it was present in four versions of the kernel (a software component of the Android operating system), and the developers corrected the problem by incorporating a security patch on the affected devices. Apparently, the most recent kernel versions are still vulnerable to this error.