Google’s team of security researchers responsible for reporting zero-day vulnerabilities, known as Project Zero, recently discovered an unpatched exploit in Android that’s being used in real-life attacks. This vulnerability affects smartphones from popular OEMs like Samsung, Xiaomi, and Huawei. Even Google’s older Pixel phones are impacted as well.
Google’s Project Zero team may have discovered the vulnerability, but it’s the Threat Analysis Group (TAG) that confirmed its use in real-life attacks on affected devices. It believes the NSO Group, a popular Israeli-based company known to sell exploits and surveillance tools, is behind the zero-day attacks. However, NSO has denied Google’s accusations.
The Project Zero team mentions that the aforementioned isn’t an exhaustive list and a number of devices have already been exploited using this bug. Google will release the October security patch, which should arrive next week, with a fix for this vulnerability. Other OEMs listed above are expected to follow suit in the coming weeks.
