Security researchers with Google’s Project Zero team have identifiedd an Android vulnerability that appears to have been exploited in the real world.
The issue affects phones manufactured by Samsung, including the Galaxy S7, S8, and S9, as well as the Huawei P20, Pixel 1, and Pixel 2. Google said that an attacker would either need to get their target to install a malicious application or pair the attack with a second exploit via a program like a web browser.
The bug is already being used by an exploit out in the real world, so Google’s security researchers gave the Android team just seven days to fix it before making their findings public. The bug was first disclosed to the Android team on September 27th, and it was made public today.
Devices which appear to be vulnerable are:
- Pixel 2 with Android 9 and Android 10 preview
- Huawei P20
- Xiaomi Redmi 5A
- Xiaomi Redmi Note 5
- Xiaomi A1
- Oppo A3
- Moto Z3
- Oreo LG phones
- Samsung S7, S8, S9
The Android team confirmed that a patch is now available on the Android Common Kernel and that Android partners have been informed.