iTnews

Exploited Android 0day linked to notorious spyware vendor

By Juha Saarinen on Oct 7, 2019 9:27AM
Exploited Android 0day linked to notorious spyware vendor

Many popular devices vulnerable.

The spyware vendor alleged to have sold the Pegasus malware used to track associates of murdered Saudi journalist Jamal Khashoggi has been implicated in the trading of an Android vulnerability that can be exploited to gain full control over popular late-model smartphones.

Google's Project Zero security team discovered the bug on September 27 and disclosed it to the company's Android developers.

Exploitable in the Chrome browser's renderer process, the bug in the Android Binder driver is a use-after-free vulnerability that allows kernel privilege escalation.

When delivered through a website, the vulnerability only needs to be paired with a renderer exploit to allow for full compromise of devices susceptible to it.

Controversial Israeli spyware vendor NSO Group is believed to be exploiting the bug, Google said. NSO Group denied it had any involvement in a media statement.

"The bug was allegedly being used or sold by the NSO Group," Google senior security engineer Maddie Stone wrote.

Due to this, Project Zero gave the Android team a very short period of time to come up with a patch before going public.

*We have evidence that this bug is being used in the wild. Therefore, this bug is subject to a seven-day disclosure deadline," Stone added.

Project Zero does not have samples of the exploit. The security researchers were able to code a proof-of-concept that confirmed the vulnerability.

Stone said the bug was patched in December 2017, but Google's Pixel 2 and 2XL smartphones with the most recent security bulletin are still vulnerable to the flaw, a source code review found.

Google's Pixel 1, 1XL are also vulnerable, but not Pixel 3 and 3A.

Popular recent devices such as Samsung Galaxy 7, 8, 9, Huawei P20, Xiaomi Redmi A1, 5A and Note 5, Motorola Z3, Oppo A3 and Oreal LG phones are believed to be vulnerable to exploit, based on Project Zero's source code review.

Google's Android team has now released a patch for the vulnerability.

"This issue is rated as high severity on Android and by itself requires installation of a malicious application for potential exploitation.

"Any other vectors, such as via web browser, require chaining with an additional exploit.

"We have notified Android partners and the patch is available on the Android Common Kernel," the developers said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
android google huawei lg motorola nso group oppo samsung security

Partner Content

Why companies fail at picking cloud modernisation partners
Partner Content Why companies fail at picking cloud modernisation partners
MSI launches innovative new laptops
Partner Content MSI launches innovative new laptops
Shut the door on ransomware
Partner Content Shut the door on ransomware
Beat the DDoS blackmails in 2021
Partner Content Beat the DDoS blackmails in 2021

Sponsored Whitepapers

Five questions to ask before you upgrade to a SIEM solution
Five questions to ask before you upgrade to a SIEM solution
Effectively addressing advanced threats
Effectively addressing advanced threats
The risky business of open source
The risky business of open source
Ensure your e-signatures are legally binding
Ensure your e-signatures are legally binding
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
  • Beat the DDoS blackmailers in 2021
By Juha Saarinen
Oct 7 2019
9:27AM
0 Comments

Related Articles

  • Android vendors fail to install security patches
  • Android phones vulnerable to provisioning SMS hijacking
  • Sideloaded Google apps won't run on newer Huawei gear
  • Google unravels state-of-art Android and Windows exploit chains
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Australia Post is building a digital twin of its delivery network

Australia Post is building a digital twin of its delivery network

Google threatens to withdraw search engine in Australia

Google threatens to withdraw search engine in Australia

NBN Co runs fixed wireless tower on diesel generator for over two years

NBN Co runs fixed wireless tower on diesel generator for over two years

NBN Co saves $1m a year by powering down idle line cards

NBN Co saves $1m a year by powering down idle line cards

You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.