{"id":322182,"date":"2019-10-04T08:51:23","date_gmt":"2019-10-04T06:51:23","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=322182"},"modified":"2019-10-04T08:53:42","modified_gmt":"2019-10-04T06:53:42","slug":"massive-security-flaw-found-in-android-smartphones","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/322182-massive-security-flaw-found-in-android-smartphones.html","title":{"rendered":"Massive security flaw found in Android smartphones"},"content":{"rendered":"<p>Google&#8217;s Project Zero research group has <a href=\"https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=1942\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>highlighted<\/strong><\/a> a zero-day vulnerability in the Android operating system that allows malicious parties to attain complete control of victims&#8217; smartphones.<\/p>\n<p>According to Google Project Zero member Maddie Stone, there is evidence that the exploit is being used in the wild, which is why it has de-restricted the bug seven days after reporting it to Android.<\/p>\n<p>The bug affects at least 18 Android smartphones, including the following:<\/p>\n<ul>\n<li>Pixel 1<\/li>\n<li>Pixel 1 XL<\/li>\n<li>Pixel 2<\/li>\n<li>Pixel 2 XL<\/li>\n<li>Huawei P20<\/li>\n<li>Xiaomi Redmi 5A<\/li>\n<li>Xiaomi Redmi Note 5<\/li>\n<li>Xiaomi A1<\/li>\n<li>Oppo A3<\/li>\n<li>Moto Z3<\/li>\n<li>Oreo LG phones<\/li>\n<li>Samsung S7<\/li>\n<li>Samsung S8<\/li>\n<li>Samsung S9<\/li>\n<\/ul>\n<p>&#8220;The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device,&#8221; explained Stone.<\/p>\n<p>&#8220;If the exploit is delivered via the web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox.&#8221;<\/p>\n<p>Android released a statement highlighting that the issue is &#8220;high&#8221; in severity.<\/p>\n<p>&#8220;This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation. Any other vectors, such as via web browser, require chaining with an additional exploit.&#8221;<\/p>\n<p>&#8220;We have notified Android partners and the patch is available on the Android Common Kernel. Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update.&#8221;<\/p>\n<p>It s not certain when the exploit will be patched on non-Pixel devices.<\/p>\n<h3 class=\"my-4\">Now read: <a href=\"https:\/\/mybroadband.co.za\/news\/technology\/322178-apple-working-on-a-touchscreen-keyboard-you-can-feel.html\" rel=\"bookmark\">Apple working on a touchscreen keyboard you can feel<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>Google&#8217;s Project Zero research group has highlighted a day zero vulnerability in its Android operating system that allows malicious parties to attain complete control of smartphones.<\/p>\n","protected":false},"author":341039,"featured_media":268787,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[397,23613,26080],"class_list":["post-322182","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-android","tag-exploit","tag-google-project-zero"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/322182"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341039"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=322182"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/322182\/revisions"}],"predecessor-version":[{"id":322184,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/322182\/revisions\/322184"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/268787"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=322182"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=322182"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=322182"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}