Google's Project Zero security team has discovered a new zero-day exploit in Android which is already being used in the wild.
The vulnerability was found in the kernel of the Android operating system and can be utilized by an attacker to gain root access to a device.
Oddly enough, the vulnerability was patched back in December of 2017 in Android kernel versions 3.18, 4.14, 4.4 and 4.9, though newer versions of Android were found to be vulnerable.
According to Google's researchers, the vulnerability impacts the Pixel 2, Huawei P20, Xiaomi Redmi 5A, Xiaomi Redmi Note 5, Xiaomi A1, Oppo A3, Moto Z3, LG phones running Oreo and the Samsung S7, S8 and S9 running Android version 8 or higher.
However, since the “exploit requires little or no per-device customization”, this means that it may impact even more Android smartphones but those listed above have been tested and confirmed to be vulnerable to the zero-day by Google.
While Google's Project Zero team first discovered the vulnerability, the company's Threat Analysis Group (TAG) confirmed that it had been used in real-world attacks.