Stay frosty & alert: More zero-days found in Android phones

Pooh Member Posts: 642 ✭✭✭✭✭
edited October 7 in Devices & Security
Another reason why not to randomly install apps - even ones from the Android App store. This day and age it's hard to know how many are out there that will be weaponized.

The list of affected devices includes:
  • Pixel 1
  • Pixel 1 XL
  • Pixel 2
  • Pixel 2 XL
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi A1
  • Oppo A3
  • Moto Z3
  • Oreo LG phones
  • Samsung S7
  • Samsung S8
  • Samsung S9

People say nothing is impossible, but I do nothing every day.

Comments

  • kltaylor Member Posts: 464 ✭✭✭✭
    Good catch, @Pooh
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
  • VioletChepil London, UK Administrator Posts: 1,616 admin
    Thanks @Pooh for this, I've just promoted it too!!

    Community Manager at Fing

  • DG12 Member Posts: 11
    Please excuse my ignorance.
    Why is this called a "zero-day" bug?
    "...was patched in 2018 for versions 3.184.4, and 4.9 of the Android kernel. "
    ++++++
    from: https://bugs.chromium.org/p/project-zero/issues/detail?id=1942
    ...This issue was patched in Dec 2017 in the 4.14 LTS kernel [1], AOSP android 3.18 kernel [2], AOSP android 4.4 kernel [3], and AOSP android 4.9 kernel [4], but the Pixel 2 with most recent security bulletin is still vulnerable based on source code review.
    ++++++

    Does this mean that, although this vulnerability was discovered nearly 2 years ago, companies like Motorola (Moto Z3), LG (Oreo) and Samsung (S7, S8, S9) haven't sent out updates that include the fix?
  • Pooh Member Posts: 642 ✭✭✭✭✭
    @DG12 I'm unsure if the full story is out yet, however it looks like the original vulnerability wasn't assigned a CVE and also wasn't backported into the Android monthly security cycle.

    It's a zero day because it was being exploited before anyone knew about it. The fact it was patched previously is irrelevant given that it never made it into the relevant monthly updates and no-one realized.
    People say nothing is impossible, but I do nothing every day.
  • DG12 Member Posts: 11
    Thanks