Saturday, June 22, 2024

New Android Zero-day Vulnerability Let Hackers Take Full Control the Samsung, Pixel, Huawei, Xiaomi, Moto Mobiles

Researchers from Google project zero uncovered a critical zero-day vulnerability that affected at least 18 Android models including Samsung, Moto, Huawei, Pixel, Xiaomi and more.

Some of the depth pieces of evidence show that the vulnerability is being exploited in wide and gives complete access to the Vulnerable Android devices.

An Android zero-day exploit that discovered in wide believed to be attributed to the Isreal based NSO group employed exploit developers or their customers who bought it from them and used it to compromise the Android users.

But we news media later reached the NSO groups and asked for comment, in which their spoke person denied that they did not sell, and will never sell exploits or vulnerabilities, also they give followings statement.

“This exploit has nothing to do with NSO; our work is focused on the development of products designed to help licensed intelligence and law enforcement agencies save lives.” “

The vulnerability has already patched in Android kernel versions 3.18, 4.14, 4.4, and 4.9 without CVE but it becomes vulnerable to new Android versions.

Based on the source code review, Google confirmed that the following devices are vulnerable for this Android 0-day.

  • Pixel 1
  • Pixel 1 XL
  • Pixel 2
  • Pixel 2 XL
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi A1
  • Oppo A3
  • Moto Z3
  • Oreo LG phones
  • Samsung S7
  • Samsung S8
  • Samsung S9

There are two possible ways identified by Google. first one will exploit the device by installing a malicious app on the targeted device, in another way, the attacker performs a kernel privilege escalation using a use-after-free vulnerability, accessible from inside the Chrome sandbox.

According to Google Project Zero researcher Maddie Stone “The vulnerability is exploitable in Chrome’s renderer processes under Android’s ‘isolated_app’ SELinux domain, leading to us suspecting Binder as the vulnerable component “

“The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device.” and it’s not a complete remotely exploitable bug and the attacker need to meet with certain condition in order to take control over the vulnerable device that listed above.

Also, he confirmed that If the exploit is delivered via the web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox. via a blog post.

The Zero-day Vulnerability categorized under “High” severity and the attacker needs to install a malicious app to exploit the bug, in another case if they tried via browser, attackers require chaining with an additional exploit in order the take the vulnerable Android device.

Due to vulnerability severity level and is being actively exploiting in wide, Google said “we are now de-restricting this bug 7 days after reporting to Android team privately”

Google promise that the patch will be available in October security update for Pixel 1 and 2 devices, and Pixel 3 and 3a is not vulnerable.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Website

Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from Promokit.eu for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles