1 min read

Critical Linux Kernel Zero-Day Flaw Affects Several Flagship Android Devices

Vlad CONSTANTINESCU

July 14, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Critical Linux Kernel Zero-Day Flaw Affects Several Flagship Android Devices

A security expert recently disclosed a zero-day vulnerability in the Linux kernel that would allow attackers to perform a devastating series of attacks on compromised devices.

Northwestern University PhD student and kernel-focused cybersecurity expert Zhenpeng Lin announced he discovered the vulnerability on the Google Pixel 6 and mentioned it also affects the Pro version of the handset. Furthermore, Lin clarified that this vulnerability doesn’t seem to affect other versions of Google’s Pixel series.

“The latest Google Pixel 6 pwned with a 0day in kernel,” reads Lin’s tweet. “Achieved arbitrary read/write to escalate privilege and disable SELinux without hijacking control flow. The bug also affects Pixel 6 Pro, other Pixels are not affected :)”

It was also confirmed that the vulnerability affects all phones based on kernel 5.10, including Samsung Galaxy S22. To make matters worse, the general Linux kernel is also susceptible to attacks leveraging this exploit, as Lin mentioned.

Currently, there are no additional details about the zero-day other than the ones specified in the researcher’s announcement on Twitter. However, Lin’s presence at Black Hat USA 2022, along with researchers Xinyu Xing and Yuhang Wu, could shed some light on the whole situation, as XDA Developers reported.

Google was notified about the critical vulnerability but has yet to release a public CVE reference. On the bright side, exploiting the flaw requires user interaction, unlike remote code execution (RCE) vulnerabilities.

Simply avoiding installing apps originating from non-trusted sources on your device could be enough mitigation in this case. Last but not least, it’s worth mentioning that Android devices based on kernel version 5.10 could be vulnerable even after installing the latest July 2022 security update.

Using specialized tools such as Bitdefender Mobile Security can help you achieve peace of mind with features like:

  • Protection against link-based mobile scams
  • Keeping your online identity safe with its VPN component
  • Allowing you to locate, lock, and wipe your Android device remotely, if needed
  • Email account breach notification
  • Malware scanner
  • App lock to prevent intrusions on your settings or private files

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

BBB Warns Social Security Beneficiaries of Cost of Living Adjustment Scams BBB Warns Social Security Beneficiaries of Cost of Living Adjustment Scams
Alina BÎZGĂ

February 01, 2023

2 min read
Planet Ice hacked! 240,000 skating fans' details stolen Planet Ice hacked! 240,000 skating fans' details stolen
Graham CLULEY

January 31, 2023

2 min read
QNAP Rolls Out Urgent Patch to Fix SQL Injection Flaw in NAS Devices QNAP Rolls Out Urgent Patch to Fix SQL Injection Flaw in NAS Devices
Filip TRUȚĂ

January 31, 2023

1 min read