HomesecurityZeroday vulnerability beats millions of Android phones. What are the vulnerable versions?

Zeroday vulnerability beats millions of Android phones. What are the vulnerable versions?

Hackers are exploiting a zeroday vulnerability of its Android operating system Google, which can give them full control over at least 18 different phone models, including four different Pixel models, a research team member recently said. Project Zero of Google.


There is evidence that the vulnerability is actively exploited, either by NSO Group or one of the company's customers, Project Zero member Maddie Stone said in a post. The exploits require little or no adjustment to fully root vulnerable phones. Vulnerability can be exploited in two ways: (1) when a target installs an unreliable application or (2) for Internet attacks, combining two exploits aimed at a vulnerability in code.

List of vulnerable smartphones so far:

  1. Pixel 1
  2. Pixel 1 XL
  3. Pixel 2
  4. Pixel 2 XL
  5. Huawei P20
  6. Xiaomi Redmi 5A
  7. Xiaomi Redmi 5 Note
  8. Xiaomi A1
  9. Oppo A3
  10. Moto Z3
  11. LG Oreo Phones
  12. Samsung S7
  13. Samsung S8
  14. Samsung S9

Google has announced that the vulnerability will be fixed right away with Android security update October which will be released in a few days.

It is worth noting that the vulnerability had first appeared in Linux kernel and fixed at the beginning of 2018 in the 4.14 version. This update was integrated into the 3.18, 4.4 and 4.9 versions of the Android kernel. For reasons that were not explained, these patches were never included in Android security updates. Thanks to this we can understand why older Pixel models are vulnerable while newer versions do not. The defect is now monitored as CVE-2019-2215.