Home > News content

Attackers claim that Android phones can be fully controlled by 0day vulnerabilities.

via:cnBeta.COM     time:2019/10/4 23:31:48     readed:95

Zero project member Maddie Stone said in a post that there is evidence that vulnerability exploiter NSO Group or one of its customers is actively exploiting the vulnerability. Vulnerability exploitation can be completely rooted in vulnerability without almost customizationMobile phone. This vulnerability can be exploited in two ways:

(1) When the target installs an untrusted application,

(2) By combining this vulnerability with a vulnerability attack against chrome browsers for rendering content code.

According to Maddie Stone, the vulnerability is a local privilege escalation vulnerability that can completely destroy vulnerable devices. The devices affected by this vulnerability are as follows:

Pixel 1

Pixel 1 XL

Pixel 2

Pixel 2 XL

P20

Red rice 5A

Red rice Note 5

Millet A1

Oppo A3

Moto Z3

OreoPhones

Samsung S7

Samsung S8

Samsung S9

Google's Android team said Google's October Android security update, which could be released to Pixel line mobile phone users in the coming days, will fix the vulnerability. The timetable for repairing other equipment is unclear. Pixel 3 and Pixel 3a devices are not affected.

Google representative wrote in an e-mail: "Pixel 3 and 3a devices are not susceptible to this problem. In October, the Android security update will fix this vulnerability for Pixel 1 and 2, which will be delivered to customers in the next few days. In addition, patches have been provided to partners to ensure that the Android ecosystem is protected from this problem.

pixel-800x449.jpg

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments