•   
  •   
  •   

Technology New Android zero-day affects millions of devices

21:55  04 october  2019
21:55  04 october  2019 Source:   techradar.com

Gmail's dark mode is coming to Android phones. Turn it on now

Gmail's dark mode is coming to Android phones. Turn it on now Here's how to turn on Gmail's dark mode in Android 10.

Google's Project Zero security team has discovered a new zero-day exploit in Android which is already being used in the wild.

a close up of a computer keyboard: Phone malware© Provided by Future Publishing Ltd. Phone malware

The vulnerability was found in the kernel of the Android operating system and can be utilized by an attacker to gain root access to a device.

Oddly enough, the vulnerability was patched back in December of 2017 in Android kernel versions 3.18, 4.14, 4.4 and 4.9, though newer versions of Android were found to be vulnerable.

According to Google's researchers, the vulnerability impacts the Pixel 2, Huawei P20, Xiaomi Redmi 5A, Xiaomi Redmi Note 5, Xiaomi A1, Oppo A3, Moto Z3, LG phones running Oreo and the Samsung S7, S8 and S9 running Android version 8 or higher.

iPhone 11 Pro and 11 Pro Max specs vs. Galaxy S10, Note 10 and Pixel 3 XL Android phones

iPhone 11 Pro and 11 Pro Max specs vs. Galaxy S10, Note 10 and Pixel 3 XL Android phones We pit Apple's new iPhones head to head with their top Android competitors.

  • Valve updates bug bounty rules after Steam zero-day controversy
  • New vBulletin zero-day could infect thousands of sites worldwide
  • Security researcher exposes zero-day WordPress vulnerabilities

However, since the “exploit requires little or no per-device customization”, this means that it may impact even more Android smartphones but those listed above have been tested and confirmed to be vulnerable to the zero-day by Google.

Android zero-day

While Google's Project Zero team first discovered the vulnerability, the company's Threat Analysis Group (TAG) confirmed that it had been used in real-world attacks. Both of these teams were also responsible for discovering a recent batch of zero-day vulnerabilities in Apple's iPhones.

iPhone 11 Pro and 11 Pro Max specs vs. Galaxy S10, Note 10 and Pixel 3 XL Android phones

iPhone 11 Pro and 11 Pro Max specs vs. Galaxy S10, Note 10 and Pixel 3 XL Android phones We pit Apple's new iPhones head to head with their top Android competitors.

Details regarding who is behind the Android zero-day are currently limited but Google's TAG believes that the Israel-based company NSO Group, that is known for selling exploits and surveillance tools, may be responsible.

However, when ZDNet reached out to the group they denied any involvement, saying:

"NSO did not sell and will never sell exploits or vulnerabilities. This exploit has nothing to do with NSO; our work is focused on the development of products designed to help licensed intelligence and law enforcement agencies save lives."

There is a silver lining though as this new Android vulnerability is not as dangerous as past zero-days. While the vulnerability is rated as high severity by Google it still requires the installation of a malicious application in order to be exploited.

Google has notified its Android partners and a patch is now available on the Android Common Kernel, so expect affected device manufacturers to start rolling out updates soon.

  • Protect your Android smartphone with the best android antivirus apps

Via ZDNet

How to back up your Android phone and keep all of your important information safe .
Quarterback Tom Brady moved the Patriots to a perfect 7-0 on the season, throwing for 249 yards against the New York Jets on "Monday Night Football."

Topical videos:

usr: 1
This is interesting!