Google’s Project Zero team is warning Pixel, Pixel 2, Galaxy S9, Huawei P20, and millions of other Android phone users that a new zero-day vulnerability could let a hacker take full control of your phone. And what’s worse, there is evidence that it is being actively exploited in the wild.
As first spotted by Ars Technica, the issue was first patched in the December 2017 security update, but several phones are “still vulnerable based on source code review.” According to Google, the phones at risk include:
Pixel and Pixel 2
Samsung Galaxy S7, S8, and S9
Xiaomi Redmi 5A
Xiaomi Redmi Note 5
Google escalated the bug from a 30-day public disclosure to a 7-day one after discovering that it was actively being exploited by the NSO group, a known Israeli-based “developer of exploits.” As Ars Technica explains, the group was previously connected to the Pegasus spyware that cropped up in 2016 on mobile devices.
In a statement, Google assured that a fix will be available soon: “Pixel 1 and 2 devices will be protected with the October Security Release, which will be delivered in the coming days. Additionally, a patch has been made available to partners in order to ensure the Android ecosystem is protected against this issue.” The Pixel 3 and 3a are not affected by the exploit.
While the likelihood of this vulnerability impacting your phone is still slim, you should probably stay away from untrusted apps until the October security update arrives.
Abigail Smith is an inventive person who has been doing intensive research in particular topics and writing blogs and articles on Lexmark Printer Support and many other related topics. He is a very knowledgeable person with lots of experience.