Researchers have discovered a zero-day kernel privilege escalation bug that can result in the full compromise of certain Android devices and is apparently being exploited in the wild.

Devices known to be affected by the high-level, use-after-free vulnerability include the Pixel 1, 1 XL, 2 and 2 XL; the Huawei P20; the Xiaomi Redmi 5A; the Xiaomi Redmi Note 5; the Xiaomi A1; the Oppo A3; the Moto Z3; Oreo LG phones; and the Samsung S7, S8 and S9.

According to a vulnerability report published by Project Zero security researcher Maddie Stone, the same bug was previously patched back in December 2017 in the 4.14 LTS kernel, the AOSP Android 3.18 kernel, the AOSP Android 4.4 kernel and the AOSP Android 4.9 kernel. But apparently it was not fixed universally across all Android devices.
