At this point, we can’t really say Android is the most secure platform today. It’s not. There is no such thing as a perfect OS. There are plenty of things to like about Google’s mobile operating system. We’re just not fans of the bugs and issues that need frequent checking and fixing. The tech giant releases monthly Android Security Bulletin but sometimes, the fixes and patches are not enough. The latest thing that must be fixed is “zero-day”— an unpatched vulnerability in Android that is currently attacking in the real world.
The Android OS kernel code carries the vulnerability. What it does is help a hacker gain root access to a phone. It is said to have been patched back in December 2017 (v 3.18, 4.14, 4.4, and 4.9). Those were the only fixed versions but newer ones were discovered to be vulnerable still, unfortunately.
Mainly, those smartphones running at least Android 8.0 and later have been affected according to researchers from Google. A number of phones have seen the vulnerability including Android 9 and Android 10-powered Pixel 2, Huawei P20, Xiaomi Redmi 5A and Redmi Note 5, Xiaomi A1, Moto Z3, Oppo A3, Oreo LG phones, and Samsung Galaxy S7/S8/S9.
This particular vulnerability is strong in the sense that it only “requires little or no per-device customization” as per Google. The zero-day bug is being tracked now HERE. Check for any updates about CVE-2019-2215.
Google’s Project Zero team has been looking into this issue. It’s been tracking the bug and is hoping it’s fixed soon. The Android Common Kernel already has the patch available.
A bit of good news: Pixel 3 and 3a phones are safe. They are not vulnerable to the issue. That’s refreshing but an Android Open Source Project representative said, “This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation”.