X

Samsung, Google & Others Have A New 0-Day Vulnerability

Android Virus Malware Cyberthreat AH 2019
Advertisement

Owners of some Samsung, Google, and other OEM devices may want to be a bit more cautious about installing apps, following the discovery of a new 0-day vulnerability in Android. That’s following recent reports detailing the issue and a potential timeline for a fix. For clarity, a 0-day vulnerability is one that isn’t known but hasn’t been fixed yet.

Now, the new vulnerability isn’t the worst seen in recent months since it isn’t going to impact every device. As at least some recent bugs have. It also isn’t able to take advantage of some of the worst attack vectors. Since this particular vulnerability can’t remotely install things on user devices.

Instead, it requires direct user interaction to install and execute. For instance, users would need to install malicious apps. Once users do give access to such an app, however, the potential for harm is quite high. The vulnerability does give attackers arbitrary read and write access, root privilege, and authority over SELinux.

Advertisement

Who else is impacted by the new 0-day vulnerability affecting Samsung & Google?

As noted above, Samsung and Google are among the more popular smartphone to be impacted by the new vulnerability. The researcher who discovered the vulnerability has said it is tied directly into the Linux Kernel. So devices from those OEMs won’t be the only phones impacted. Many others could potentially be directly affected too.

That will chiefly, be those with newer devices because this vulnerability affects Linux Kernel 5.10. Including some of the most popular phones available. Such as the Samsung Galaxy S22 series and Google Pixel 6 series.

Users who are concerned may want to check the version they currently have. Typically, OEMs put the information within the Settings app. Often, it’s placed under the “About Phone” segment and then a tap on the “Software” option. Although some phones, such as Pixel devices, will need to select the Android version to see the details.

Advertisement

The researcher also informed Google of the vulnerability. So a fix should be forthcoming within an upcoming monthly patch. Unfortunately, the patch for July has already rolled out, so it won’t likely arrive until August.