Google researchers discover critical Android security flaw; Pixel, Samsung, Huawei, Xiaomi phones affected

Huawei P20, Xiaomi Mi A1, and Google’s own Pixel 2 are some of the phones affected by the newly discovered security flaw.

By: KUL BHUSHAN
| Updated on: Aug 20 2022, 17:09 IST
Google researchers discover critical Android flaw affecting Pixel, Samsung and Huawei phones
Google researchers discover critical Android flaw affecting Pixel, Samsung and Huawei phones (Reuters)

Google's Project Zero researchers have discovered a critical security flaw in its own Android that affected some popular smartphones across brands. Researchers claim the "zero-day" flaw was exploited in the real-world by Israel's NSO Group, known for the Pegasus interception software.

The flaw affected Google's recent Android 8.x and above versions. Interestingly enough, the bug was fixed in earlier iterations of Android (3.18, 4.4, 4.9) but resurfaced again.

You may be interested in

MobilesTablets Laptops
11% OFF
Samsung Galaxy S24 Ultra
  • Titanium Black
  • 12 GB RAM
  • 256 GB Storage
38% OFF
Google Pixel 7 Pro 5G
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
7% OFF
Google Pixel 7 5G
  • Obsidian
  • 8 GB RAM
  • 128 GB Storage
17% OFF
Xiaomi Redmi Note 13 Pro
  • Arctic White
  • 8 GB RAM
  • 128 GB Storage

According to Google researchers, the Android vulnerability affects the following phones: Samsung S7, Samsung S8 and Samsung 9, LG Oreo, Moto Z3, Oppo A3, Xiaomi Mi A1, Xiaomi Redmi Note 5 and Xiaomi Redmi 5A, Huawei P20, and Google's own Pixel 2 with Android 9 and Android 10.

Also read
Looking for a smartphone? To check mobile finder click here.

ALSO READ: YouTube creators hit by massive wave of account hijacks

Researchers also pointed out that while the security flaw was quite critical, it wasn't as dangerous as the other zero-day exploits.

"This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation. Any other vectors, such as via web browser, require chaining with an additional exploit," an Android spokesperson explained on the official forum.

"We have notified Android partners and the patch is available on the Android Common Kernel. Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update."

Saket Modi, CEO & Co-founder, Lucideus said that even though the vulnerability is severe and could be used to get root access to an Android device, users shouldn't need to be worried. He also recommended that users should avoid downloading apps from third-party app stores.

"Android Kernel 'mobile station modem (MSM)' is vulnerable to Use After Free vulnerability. This is a memory corruption gap that can be used to execute on arbitrary code or crash a cell phone. This Use After Free scenario can occur when "the memory in question is allocated to another pointer validly at some point after it has been freed. The original pointer to the freed memory is used again and points to somewhere within the new allocation. As the data is changed, it corrupts the validly used memory; this induces undefined behaviour in the process which an attacker can take advantage further getting a root access to the device," he explained.

"A similar kind of vulnerability was identified with Microsoft and its Internet Explorer web browser since 2013, which has since received numerous security patches to update a variety of Use-After-Free security vulnerabilities," he added.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 04 Oct, 17:42 IST
NEXT ARTICLE BEGINS