Google’s Project Zero team finds Android vulnerability that has already been exploited

Researchers at Google’s Project Zero team have discovered the existence of an Android vulnerability that it believes has already been exploited by hackers.

The security researchers say that the vulnerability allowed hackers to take control of a person’s phone.

Project Zero believes that an Israeli-based cyberintelligence group has already exploited the vulnerability. However, the firm in question has denied this claim.

Since the flaw was exploited before it was patched, it is being called a zero-day vulnerability. The team found the vulnerability in late September.

The flaw is in Android’s operating system, and gives hackers the ability to obtain root access to a person’s phone. However, it requires some action from the phone’s user. Hackers can only get access to the phone if the user has downloaded malicious software.

The vulnerability can also be combined with another exploit that can lead to a web-based attack through Chrome.

Project Zero has stated that the following phones that are running Android 8 or later could be impacted:

• Pixel 2 with Android 9 and Android 10 preview
• Huawei P20
• Xiaomi Redmi 5A
• Xiaomi Redmi Note 5
• Xiaomi A1
• Oppo A3
• Moto Z3
• Oreo LG phones
• Samsung Galaxy S7, S8, S9

However, since this vulnerability has been listed as “high severity,” it could impact more phones than the ones listed above.

Google says that it’s currently working to resolve the issue.

In the meantime, users should be careful about the websites they are visiting and the content they are downloading.

Source: Project Zero Via: CNET