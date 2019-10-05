Google researchers have found a high severity bug on smartphones that can potentially give root access to an Android phone to hackers. The zero-day vulnerability has been found on devices such as Pixel, Pixel 2, Xiaomi Redmi Note 5 Pro, Samsung Galaxy S8, S9, and more.

For the bug to work, one will need to give permission to install the malicious software on their device so users are advised to be mindful of the apps they are downloading and the permissions granted to them. It is also advised that apps are downloaded and installed from trusted sources to avoid such incidents.

In a Project Zero post, Google said that the issue was patched in December 2017, though the subsequent updates did not contain the fix. Google recently discovered the bug and according to the company, the patch is now available.

More smartphones that will be affected include Huawei P20, Samsung Galaxy S7, Xiaomi Redmi 5A, Xiaomi A1, Oppo A3, Moto Z3, and LG phones running Android Oreo. “Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update,” Google said in the post.

Google noted that the bug was allegedly being used or sold by Israel’s NSO Group and allows for a full compromise of a vulnerable device. The hack works by getting users to install a malicious app on their devices or the bug can even be paired with another exploit in the Chrome browser.

“The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device. If the exploit is delivered via the web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox,” the post read.