Saturday, February 15, 2025
HomeAndroidUnpatched Android Zero-day Vulnerability Let Hackers Escalate the Privilege and Take Control...

Unpatched Android Zero-day Vulnerability Let Hackers Escalate the Privilege and Take Control Of The Device

Published on

SIEM as a Service

Follow Us on Google News

Researchers disclosed an unpatched Android zero-day vulnerability that allows local attackers to escalate the privilege and take control of the device.

A high severity privilege vulnerability resides within the v4l2 driver which allows an attacker to leverage the lack of validating the existence of an object before performing operations by physically accessing the device and exploit the vulnerable Android in the context of the kernel.

Researchers from Trend Micro’s Zero Day Initiative publicly disclosed the vulnerability details after the multiple attempts to Google to fix the issues but failed to respond about the fix for the Android zero-day vulnerability.

In order to exploit the Device, “An attacker must first obtain the ability to execute low-privileged code on the target system” ZDI researchers said.

CVSS scale measures the vulnerability scores 7.8 out of 10 and categorized the vulnerability under high severity.

An attacker first needs to convince the victims to run and install the specially crafted file and take control of the vulnerable device.

So once the attackers convenience the user and install the malicious file, then he can able to take complete control of the targeted Android phone.

ZDI initially reported the vulnerability to Google on 13, March, and Google confirmed the existence of the vulnerability on June 28.

After failing the multiple attempts for a further update from Google, ZDI notified the vendor of the intention to disclose the report as a 0-day advisory and the vulnerability still not yet fixed.

According to ZDI “Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it.”

Android Zero-day not Fixed in September Android Security Updates

This new Android zero-day vulnerability has not a part of the September Android security update, in which Google fixed 13 critical and high-severity vulnerabilities.

There are two critical flaws (CVE-2019-2176, CVE-2019-2108) exist in Android’s Media framework were fixed in this security update that allows a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process, Google Said.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and Hacking News update

Also Read:

Android 10 Released – New Privacy Protection by Restricting access to External storage, Location Access & Background Activities

Zerodium Now Paying You $2.5 Million For Android Zero-day Exploit and $1.5 Million for WhatsApp RCE Exploit

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick...

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...

North Korean IT Workers Penetrate Global Firms to Install System Backdoors

In a concerning escalation of cyber threats, North Korean IT operatives have infiltrated global...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

NVIDIA Container Toolkit Vulnerable to Code Execution Attacks

NVIDIA has issued a critical security update to address a high-severity vulnerability discovered in...

Apache Fineract SQL Injection Vulnerability Allows Malicious Data Injection

The Apache Software Foundation has disclosed a critical SQL injection vulnerability in its widely...

AMD Ryzen Flaw Enables Code Execution Through DLL Hijacking

A security vulnerability has been identified in the AMD Ryzenâ„¢ Master Utility, a performance-tuning tool for AMD Ryzenâ„¢...