An Interest In:
Web News this Week
- April 17, 2024
- April 16, 2024
- April 15, 2024
- April 14, 2024
- April 13, 2024
- April 12, 2024
- April 11, 2024
Some of Our Sources
- Engadget
- Techcrunch
- Just Creative
- The Logo Smith
- Abduzeedo
- Naldz Graphics
- Fudge Graphics
- Line 25
- Specky Boy
- Spyre Studios
Help Webnuz
Referal links:
October 5, 2019 07:34 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Y77V36IwKWU/attackers-exploit-new-0-day-vulnerability-giving-full-control-of-android-phones
Attackers Exploit New 0-day Vulnerability Giving Full Control of Android Phones
"Attackers are exploiting a zero-day vulnerability in Google's Android mobile operating system that can give them full control of at least 18 different phone models," reports Ars Technica, "including four different Pixel models, a member of Google's Project Zero research group said on Thursday night." The post also says there's evidence the vulnerability is being actively exploited. An anonymous reader quotes Ars Technica:Exploits require little or no customization to fully root vulnerable phones. The vulnerability can be exploited two ways: (1) when a target installs an untrusted app or (2) for online attacks, by combining the exploit with a second exploit targeting a vulnerability in code the Chrome browser uses to render content. "The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device," Stone wrote. "If the exploit is delivered via the Web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox...." Google representatives wrote in an email: "Pixel 3 and 3a devices are not vulnerable to this issue, and Pixel 1 and 2 devices will be protected with the October Security Release, which will be delivered in the coming days. Additionally, a patch has been made available to partners in order to ensure the Android ecosystem is protected against this issue." The use-after-free vulnerability originally appeared in the Linux kernel and was patched in early 2018 in version 4.14, without the benefit of a tracking CVE. That fix was incorporated into versions 3.18, 4.4, and 4.9 of the Android kernel. For reasons that weren't explained in the post, the patches never made their way into Android security updates.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Y77V36IwKWU/attackers-exploit-new-0-day-vulnerability-giving-full-control-of-android-phones
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot