Google has recently discovered a new vulnerability in its?Android OS? kernel
code which is affecting not only Pixel smartphones but also those from Xiaomi,
Samsung, Huawei and others. A zero-day status has been given to this bug as
Google says that instances of it have been found of it being used in the real
world.

An Israeli?company called the NSO Group has exploited this vulnerability and it
has been known to also create the mobile spyware Pegasus. Google itself has
published the proof of concept for the Android OS vulnerability, for users to
check if other smartphones are also affected by it.

As per the report, the vulnerability can be?exploited when the target installs a
malicious app and it can be used to?gain root access of a device.??It is a
kernel privilege escalation using a use-after-free vulnerability, accessible
from inside the Chrome sandbox,? said the post.

Google says that all its Android partners have been notified about this exploit
and?has made the patch available on the Android Common Kernel as well. For Pixel
and Pixel 2 users, the October security update will give you the patch for this
exploit while Pixel 3 users are not affected by it.

Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Huawei P20, Redmi 5A, Redmi Note 5, Mi A1,
Oppo A3, Moto Z3, Oreo LG phones, Samsung Galaxy S7, Samsung Galaxy S8, and
Samsung Galaxy S9 are in the list of devices that have been affected by this
bug.

Original Article:
https://www.firstpost.com/tech/news-analysis/google-discloses-new-zero-day-exploit-for-android-affecting-samsung-xiaomi-and-more-7453271.html