A post from the security group suggests it found the bug last week, and attackers were exploiting it at that moment. The post notes the exploit requires no or minimal customization to root a phone that’s exposed to the bug. The research group has listed some of the devices affected that are running Android version 8.x or later:
Pixel 2 with Android 9 and Android 10 preview Huawei P20 Xiaomi Redmi 5A Xiaomi Redmi Note 5 Xiaomi A1 Oppo A3 Moto Z3 Oreo LG phones Samsung Galaxy S7, S8, S9
The bug was fixed in earlier versions – 3.18, 4.4, and 4.9 – of Android kernel, but it has resurfaced again. The attacker can’t use Remote Code Execution (RCE) to exploit the vulnerability. However, if you install an application from an untrusted source, attackers can take advantage of that. Attackers can also take advantage of the bug if they pair it with vulnerabilities in the Chrome browser to render content. A statement from Android team says it has informed phone makers to issue a patch: The researchers speculate the bug is being used by NSO, an Isreal-based group known to sell tools to authorities to exploit iOS and Android. It’s advisable that you don’t install apps from non-trustworthy sources, and use an alternate browser such as Firefox or Brave till the issue is fixed. We’ll keep you posted on any updates issued by phone makers.