Project Zero member Maddie Stone said in a post that there is evidence that exploit developer NSO Group or one of its customers is actively exploiting the vulnerability. The exploit can fully root a vulnerable phone with little or no customization. This vulnerability can be exploited in two ways:
(1) When the target installs an untrusted application,
(2) By chaining this vulnerability with a second exploit that targets the code the Chrome browser uses to render content.
According to Maddie Stone, the vulnerability is a local privilege escalation vulnerability that allows a vulnerable device to be fully compromised. The devices affected by this vulnerability are as follows:
Pixel 1 XL
Pixel 2 XL
Redmi 5A
Redmi Note 5
Google's Android team said the October Android security update, which could be released to Pixel phone users in the coming days, will fix the vulnerability. The timetable for patching other devices is unclear. Pixel 3 and Pixel 3a devices are not affected.
A Google representative wrote in an e-mail: "Pixel 3 and 3a devices are not susceptible to this problem. In October, the Android security update will fix this vulnerability for Pixel 1 and 2, which will be delivered to customers in the next few days. In addition, patches have been provided to partners to ensure that the Android ecosystem is protected from this problem."