Analysts of the Google Project Zero team found a dangerous bug in the Android kernel, to which many devices running Android are vulnerable. According to researchers, this zero-day vulnerability is already under attack. The problem can help the attacker get root access to the target device.
This vulnerability was initially fixed in the 4.14 LTS Linux kernel back in December 2017. This patch was included in the Android 3.18, 4.14, 4.4 and 4.9 kernels, but remained vulnerable in newer versions for some reason. As a result, the bug may still pose a threat to the following models of Android devices running Android 8.x and newer versions:
- Pixel 2 running Android 9 and Android 10 preview;
- Huawei P20;
- Xiaomi Redmi 5A;
- Xiaomi Redmi Note 5;
- Xiaomi A1;
- Oppo A3;
- Moto Z3;
- Oreo LG smartphones
- Samsung S7, S8, S9.
Google experts believe that the exploit they discovered for CVE-2019-2215 is the work of the well-known Israeli company NSO Group. Let me remind you that the NSO Group was founded in 2010 and since then has been developing various legal malawari, which, along with ekploitami for various 0-day, sold to governments and intelligence agencies around the world. The company gained wide popularity in 2016-2017, when information security specialists discovered powerful spy tools Pegasus and Chrysaor, developed by the NSO Group and designed for iOS and Android.
ZDNet representatives have already responded to these accusations and informed the media that they have nothing to do with the ekploit:
Fortunately, there is good news. Fresh 0-day hasn’t been given critical status because it’s not a RCE vulnerability that could be exploited without any interaction with the user. A number of conditions will need to be met to exploit this problem. For example, an attacker will need to install a malicious application on the target device to exploit the bug. Any other attack vectors, for example, through a browser, will require the creation of a chain of exploits using other, additional vulnerabilities.
The patch for the zero-day problem is already available on Android Common Kernel. Pixel 3 and 3a smartphones are located in all risk areas, while Pixel 1 and 2 devices should receive updates for this vulnerability as part of the October update.