Maddie Stone, a member of the Google elite team Project Zero, discovered a critical unpatched zero-day vulnerability affecting the Android mobile operating system. According to the expert, the bug, tracked as CVE-2019-2215, was allegedly being used or sold by the controversial surveillance firm NSO Group.
Maddie Stone published technical details and a
The flaw is a use-after-free vulnerability that affects the Android
“There is a use-after-free of the wait member in the binder_thread
“As described in the upstream commit: “binder_poll
the process subsequently exits, the epoll cleanup code tries to access the waitlist, which results in a use-after-free.”
The flaw affects versions of Android kernel released before April last year. This vulnerability was addressed in Dec 2017 in the 4.14 LTS kernel , AOSP android 3.18 kernel , AOSP android 4.4
This means that most of the Android devices available on the market with the
Some of the devices which appear to be vulnerable based on source code review are:
1) Pixel 2 with Android 9 and Android 10 preview (https://android.googlesource.com/kernel/msm/+/refs/heads/android-msm-wahoo-4.4-q-preview-6/)
2) Huawei P20
3) Xiaomi Redmi 5A
4) Xiaomi Redmi Note 5
5) Xiaomi A1
7) Moto Z3
8) Oreo LG phones (run according to )
9) Samsung S7, S8, S9
Maddie Stone explained that the flaw is accessible from inside the Chrome sandbox, the issue is exploitable in Chrome’s
“The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device. If the exploit is delivered via the web, it only needs to be paired with a
“I’ve attached a local exploit proof-of-concept to demonstrate how this bug can be used to gain arbitrary kernel read/write when run locally. It only requires
Google is expected to release a security patch for its October’s Android Security Bulletin.
“This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation. Any other
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.