An Android 0-day vulnerability was recently discovered by Google’s own Project Zero research group. The vulnerability in question can allow hackers to get full control of at least 18 different Android phones.
Vulnerable devices are also varying in age. They range from the first two Pixel phones and their XL variants, to last year’s flagships like the Huawei P20 and the Samsung Galaxy S9. Google will be patching the vulnerability as part of the October security update, which has already been made available to other brands.
The exploit works in two ways. One is, as you’d expect, though the installation of untrusted apps. The other is a little odd, as it relies on another vulnerability in the Chrome browser’s code. So it may be a good idea to use another browser on your mobile device for the time being.
Reports indicate that the vulnerability has already been exploited by Israel-based NSO Group. Representatives from NSO have denied having anything to do with this particular vulnerability.
(Source: Project Zero via Ars Technica)
