Attackers exploit 0day vulnerability that gives full control of Android phones

Attackers exploit 0day vulnerability that gives full control of Android phones

5 years ago
Anonymous $MUlyiGRWxa

https://arstechnica.com/information-technology/2019/10/attackers-exploit-0day-vulnerability-that-gives-full-control-of-android-phones/

Attackers are exploiting a critical vulnerability in Google’s Android mobile operating system that can give them full control of at least 18 different phone models, including four different Pixel models, a member of Google’s Project Zero research group said on Thursday night.

There’s evidence the vulnerability is being actively exploited, either by exploit developer NSO Group or one of its customers, Project Zero member Maddie Stone said in a post. Exploits require little or no customization to fully root vulnerable phone models. The vulnerability can be exploited two different ways: (1) when a target installs an untrusted app or (2) for online attacks, by combining the exploit with a second exploit targeting a vulnerability in code the Chrome browser uses to render content.

Attackers exploit 0day vulnerability that gives full control of Android phones

Oct 4, 2019, 5:17am UTC
https://arstechnica.com/information-technology/2019/10/attackers-exploit-0day-vulnerability-that-gives-full-control-of-android-phones/ > Attackers are exploiting a critical vulnerability in Google’s Android mobile operating system that can give them full control of at least 18 different phone models, including four different Pixel models, a member of Google’s Project Zero research group said on Thursday night. > There’s evidence the vulnerability is being actively exploited, either by exploit developer NSO Group or one of its customers, Project Zero member Maddie Stone said in a post. Exploits require little or no customization to fully root vulnerable phone models. The vulnerability can be exploited two different ways: (1) when a target installs an untrusted app or (2) for online attacks, by combining the exploit with a second exploit targeting a vulnerability in code the Chrome browser uses to render content.