Thursday, March 28, 2024

New Android Zero-day Vulnerability Let Hackers Take Full Control the Samsung, Pixel, Huawei, Xiaomi, Moto Mobiles

Researchers from Google project zero uncovered a critical zero-day vulnerability that affected at least 18 Android models including Samsung, Moto, Huawei, Pixel, Xiaomi and more.

Some of the depth pieces of evidence show that the vulnerability is being exploited in wide and gives complete access to the Vulnerable Android devices.

An Android zero-day exploit that discovered in wide believed to be attributed to the Isreal based NSO group employed exploit developers or their customers who bought it from them and used it to compromise the Android users.

But we news media later reached the NSO groups and asked for comment, in which their spoke person denied that they did not sell, and will never sell exploits or vulnerabilities, also they give followings statement.

“This exploit has nothing to do with NSO; our work is focused on the development of products designed to help licensed intelligence and law enforcement agencies save lives.” “

The vulnerability has already patched in Android kernel versions 3.18, 4.14, 4.4, and 4.9 without CVE but it becomes vulnerable to new Android versions.

Based on the source code review, Google confirmed that the following devices are vulnerable for this Android 0-day.

  • Pixel 1
  • Pixel 1 XL
  • Pixel 2
  • Pixel 2 XL
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi A1
  • Oppo A3
  • Moto Z3
  • Oreo LG phones
  • Samsung S7
  • Samsung S8
  • Samsung S9

There are two possible ways identified by Google. first one will exploit the device by installing a malicious app on the targeted device, in another way, the attacker performs a kernel privilege escalation using a use-after-free vulnerability, accessible from inside the Chrome sandbox.

According to Google Project Zero researcher Maddie Stone “The vulnerability is exploitable in Chrome’s renderer processes under Android’s ‘isolated_app’ SELinux domain, leading to us suspecting Binder as the vulnerable component “

“The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device.” and it’s not a complete remotely exploitable bug and the attacker need to meet with certain condition in order to take control over the vulnerable device that listed above.

Also, he confirmed that If the exploit is delivered via the web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox. via a blog post.

The Zero-day Vulnerability categorized under “High” severity and the attacker needs to install a malicious app to exploit the bug, in another case if they tried via browser, attackers require chaining with an additional exploit in order the take the vulnerable Android device.

Due to vulnerability severity level and is being actively exploiting in wide, Google said “we are now de-restricting this bug 7 days after reporting to Android team privately”

Google promise that the patch will be available in October security update for Pixel 1 and 2 devices, and Pixel 3 and 3a is not vulnerable.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Website

Latest articles

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...

ZENHAMMER – First Rowhammer Attack Impacting Zen-based AMD Platforms

Despite AMD's growing market share with Zen CPUs, Rowhammer attacks were absent due to...

Airbus to Acquire INFODAS to Strengthen its Cybersecurity Portfolio

Airbus Defence and Space plans to acquire INFODAS, a leading cybersecurity and IT solutions...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles