Google finds Android zero day that can take control of ... Android ... devices

https://www.theverge.com/2019/10/4/20898460/android-security-vulnerability-project-zero-pixel-galaxy-huawei-xiaomi The original article mentions few models only, but it is clear that much more vendors/devices are affected.

Google finds Android zero day that can take control of ... Android ... devices

Puppy2019 Puppy2019
✭✭  /  edited October 7

The original article mentions few models only, but it is clear that much more vendors/devices are affected. Nokia statement?



Comments

  • singhnsk singhnsk
    ✭✭✭✭  / 
    Interesting how it only affects some phones and not the others. Android vulnerability should be the same across the devices.
    I do not think HMD will make a statement here, other than just taking Google's patch and push it over this month. However, they should and inform that their devices are safe (or will be made safe soon).
    @HMD_Laura, can you have it passed onto the software team for an official response? It is always nice to have one and to know that there's somebody who's concerned.
  • Puppy2019 Puppy2019
    ✭✭  /  edited October 7
    It is explained in the link to the issue report, it depends on the kernel version that has nothing to do with the Android version. That's why some Android 9 devices can be also affected while some others can't.
  • singhnsk singhnsk
    ✭✭✭✭  /  edited October 7
    Puppy2019 said:
    It is explained in the link to the issue report, it depends on the kernel version that has nothing to do with the Android version. That's why some Android 9 devices can be also affected while some others can't.
    Thanks and sorry for the ignorance. I did spend a while on Google to figure out if Google published a kernel version which is affected, but couldn't find one. So, it is all left to OEMs now. Not sure who all will disclose it.
    That said, Google's list of published devices says that the non-Google devices were tested with Android 8 software and not the most recent releases.

    Other devices which appear to be vulnerable based on source code review are (referring to 8.x releases unless otherwise stated):
    1) Pixel 2 with Android 9 and Android 10 preview (https://android.googlesource.com/kernel/msm/+/refs/heads/android-msm-wahoo-4.4-q-preview-6/)
    2) Huawei P20
    3) Xiaomi Redmi 5A
    4) Xiaomi Redmi Note 5
    5) Xiaomi A1
    6) Oppo A3
    7) Moto Z3
    8) Oreo LG phones (run same kernel according to website)
    9) Samsung S7, S8, S9

  • Puppy2019 Puppy2019
    ✭✭  / 
    Here someone states the he is able to run the exploit on Android 10 beta as well
  • Puppy2019 Puppy2019
    ✭✭  / 
    Nokia 7+ is getting the October security update right now (good support!). Does it contain the fix?

  • f82 f82
    ✭✭  / 
    Considering all the different many/other brands smartphones out there, probably running on older kernel/patches versions and not updated anymore, I'd ask if this whole concept of "running faster" for having the latest kernel version/patch, that will share anyway (mostly in the above case) the "who knows which" next bug by most phones running on the same version, is or not itself the best idea.
     

Sign In or Register to comment.