A malicious application in the Google Play store targeted a recently patched zero-day vulnerability that affects multiple Android devices, including Google’s Pixel phones.
Tracked as CVE-2019-2215, the vulnerability was disclosed as a zero-day in October by Google Project Zero security researcher Maddie Stone. A use-after-free in the binder driver, the bug could lead to an exploitable crash.
The flaw was initially addressed in December 2017 in the 4.14 Linux kernel, the Android Open Source Project (AOSP) 3.18 kernel, AOSP 4.4 kernel, and AOSP 4.9 kernel. Two years later, it was still impacting Pixel 2; Pixel 1; Huawei P20; Xiaomi Redmi 5A, Redmi Note 5, and A1; Oppo A3; Motorola Moto Z3; LG phones running Android 8 Oreo; and Samsung Galaxy S7, S8 and S9 models.
Google included patches for the flaw in its October 2019 set of Android fixes and a proof-of-concept was published a couple of weeks later.
When first detailing the bug, Stone said that she had received information that an exploit for it existed, and that it was being used by Israeli spyware company NSO, which is known for building the infamous iOS malware Pegasus.
In a November blog detailing the finding, she revealed that the “information included marketing materials for this exploit,” and also said that the exploit was allegedly “used to install a version of Pegasus.”
“[W]e believe that attackers have been able to use this vulnerability to exploit u ..
Support the originator by clicking the read the rest link below.
![[local] AnyDesk 5.4.0 - Unquoted Service Path](upload/news/image_1578384063_10637790.png)
