Earlier October, Google Project Zero researchers Maddie Stone publicly disclosed a zero-day vulnerability, tracked as CVE-2019-2215, in Android.
According to the expert, the bug was allegedly being used or sold by the controversial surveillance firm NSO Group.
Maddie Stone published technical details and a proof-of-concept exploit for the high-severity security vulnerability, seven days after she reported it to the colleagues of the Android security team.
The flaw is a use-after-free vulnerability that affects the Android
The flaw affects versions of Android kernel released before April last year. This vulnerability was addressed in Dec 2017 in the 4.14 LTS kernel , AOSP android 3.18 kernel , AOSP android 4.4 kernel , and AOSP android 4.9 kernel . The expert pointed out that Pixel 2 with most recent security bulletin is still vulnerable based on source code review.
This means that most of the Android devices available on the market with the unpatched kernel are still vulnerable to this vulnerability, even is the owners have installed the latest Android security updates.
Some of the devices which appear to be vulnerable based on source code review are:
1) Pixel 2 with Android 9 and Android 10 preview (https://android.googlesource.com/kernel/msm/+/refs/heads/android-msm-wahoo-4.4-q-preview-6/)
2) Huawei P20
3) Xiaomi Redmi 5A
4) Xiaomi Redmi Note 5
5) Xiaomi A1
7) Moto Z3
8) Oreo LG phones (run according to )
9) Samsung S7, S8, S9
Maddie Stone explained that the flaw is accessible from inside the Chrome sandbox, the issue is exploitable in Chrome’s renderer processes under Android’s ‘isolated_app’ SELinux domain. This means that a remote attacker could potentially exploit the flaw by chaining it with a Chrome rendering issue
Last week, Google released security patches for Android, the tech giant announced that patches to address the CVE-2019-2215 in Pixel 1 and Pixel 2 devices will be included in the October update.
Now the researchers Grant Hernandez, a PhD candidate at the Florida Institute
“All I needed to do
“The base PoC left us with a full kernel read/write primitive, essentially game over for the systems’ security, but left achieving root as an exercise for the reader,”
The expert explained that an attacker that aims to get a full root shell would need to bypass multiple layers of
Hernandez pointed out that an app accessible kernel exploit allows the attacker to easily bypass or disable all of these layers of
“Once I had a reliable working exploit that I could use over ADB, I decided it would be neat to see the exploit working from an application context. I created Qu1ckR00t (the name is satire) as a one-click
(SecurityAffairs – CVE-2019-2215, zero-day)