As some of you might know, Google’s Project Zero team is a group of security researchers who try to seek out vulnerabilities and exploits in apps and services in a bid to keep us safe. The team also regularly publishes their findings to make the public aware of what’s going on, and it seems that the team’s latest discovery comes in the form of an Android zero-day exploit.
You would assume that Project Zero would want to give its own colleagues a bit more leeway, but that would be a disservice to everyone, so kudos to them for being neutral. That being said, the exploit in question affects several popular Android handsets, like the Samsung Galaxy S7, S8, and S9, the Google Pixel 1 and Pixel 2, and the Huawei P20.
What’s odd about this particular bug is that it was originally patched in December 2017, but for some reason, the fix to the exploit was not carried forward to newer builds of Android. As a result, Android 8.x and newer are affected by it. However, the good news is that despite this being classified as a zero-day vulnerability, it isn’t as dangerous as you might think.
This is because it is not a remote code execution based exploit, meaning that it can’t be exploited without user interaction. Also, certain conditions need to be met in order to take advantage of the vulnerability. Either way, an exploit is still an exploit and hopefully Google will have a new patch for it soon.