Recently, there is an unpatched Android flaw like privilege escalation vulnerability has been revealed. However, it was detected on Android device that running version 8.x
The exploit will give full control to the affected Android device.
According to Maddie Stone, a Senior Security Engineer on the Android Security Team at Google, there are a few Android devices that have been affected. Those device are as follows:
- Huawei P20
- Oppo A3
- Oreo LG phones
- Samsung S7, S8, S9
There is a chance that the list above will be getting bigger because the list above is compiled based on the source code review process.
This issue is rated as high severity on Android and by itself requires installation of a malicious application for potential exploitation,any other vectors, such as via web browser, require chaining with an additional exploit.Tim Willis, another Project Zero members
A member from Google Security Team did mention that the vulnerabilities will be patched in Pixel Device within these few days on October Security Update for Android.
However, the use-after-free-vulnerabilities have been patches last year and for no reason, the patch did not reach the Android Device via Android Security Update.
For those who wanted to follow the update on these vulnerabilities, can track the vulnerability by the CVE code CVE-2019-2215