Serious bug found in Android 8.x and above
An unpatched vulnerability has been found in Android OS by Google’s own researchers, Google’s Project Zero team and its Threat Analysis Group, which could affect a large number of devices. This includes devices like the Samsung Galaxy S7, S8, S9, Huawei P20, the Pixel 1 and 2, Redmi 5a, Redmi Note 5, Xiaomi A1, Oppo A3, Moto Z3, and some other devices that use the Android operating system. The bug is already being exploited by hackers, and Google has yet to fix the issue, commonly known as a “zero-day” exploit. However, it has disclosed the problem to the public so that they can take precautions.
Vulnerabilities like this one have been used in attacks before, such as attacks carried out by Israel’s NSO group on award-winning human rights activist, Ahmed Mansoor. The company was also involved in targeting the internet watchdog group, Citizen Lab.
Google is saying the vulnerability isn’t as dangerous as previous zero-day’s because taking advantage of it would require that the user has installed malicious applications. This means as long as users stay away from shady apps and games, they should be perfectly fine. Usual usage, such as browsing the web, or using trusted apps will not make the user susceptible to attacks. According to Google, this same bug discovered, and fixed, in December 2017, but the fix was not carried over into newer versions of Android. It is currently working on solving the issue and has released a patch for the Android Common Kernel, as well as alerting Android partners.
Source: Android Project Zero