Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild
1 view
Skip to first unread message
Arlen Holder
Oct 4, 2019, 9:42:59 AM10/4/19
to
OCTOBER 4, 2019
New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild
<https://hacknews.co/vulnerabilities/20191004/new-0-day-flaw-affecting-most-android-phones-being-exploited-in-the-wild.html>
"Discovered by Project Zero researcher Maddie Stone, the details and a
proof-of-concept exploit for the high-severity security vulnerability,
tracked as CVE-2019-2215, has been made public today¡Xjust seven days after
reporting it to the Android security team."
"Google¡¦s Project Zero division usually gives software developers a
90-day deadline to fix the issue in their affected products before going
public with the details and PoC exploits, but in case of active exploits,
the team goes public after seven days of privately being reported."
"¡§This issue is rated as High severity on Android and by itself
requires installation of a malicious application for potential
exploitation. Any other vectors, such as via web browser, require chaining
with an additional exploit,¡¨ the Android security team said in a
statement."
--
As always, no consumer mobile device, not iOS, not Android ... is secure.
Anyone who says so is selling or believing in imaginary functionality.
New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild
<https://hacknews.co/vulnerabilities/20191004/new-0-day-flaw-affecting-most-android-phones-being-exploited-in-the-wild.html>
"Discovered by Project Zero researcher Maddie Stone, the details and a
proof-of-concept exploit for the high-severity security vulnerability,
tracked as CVE-2019-2215, has been made public today¡Xjust seven days after
reporting it to the Android security team."
"Google¡¦s Project Zero division usually gives software developers a
90-day deadline to fix the issue in their affected products before going
public with the details and PoC exploits, but in case of active exploits,
the team goes public after seven days of privately being reported."
"¡§This issue is rated as High severity on Android and by itself
requires installation of a malicious application for potential
exploitation. Any other vectors, such as via web browser, require chaining
with an additional exploit,¡¨ the Android security team said in a
statement."
--
As always, no consumer mobile device, not iOS, not Android ... is secure.
Anyone who says so is selling or believing in imaginary functionality.
0 new messages