A critical vulnerability has been discovered in the Android OS that allows attackers to gain access to user devices.

Vulnerability (CVE-2019-2107) affects Android versions from 7.0 to 9.0 (Nougat, Oreo and Pie) and allows you to remotely execute code without additional permissions. The exploit for vulnerability was published on GitHub by Marcin Kozlowski, a researcher. 
As Kozlowski explained, an attacker could compromise a device using a malicious video file, sending it, for example, via e-mail (the Gmail application can download video using the standard Android video player). In the case of opening the file by the user, the attacker can gain access to the device of the victim.
Successful exploitation of a vulnerability is possible under one condition – the user will only have to download a malicious video in unchanged form. The attack, presumably, will also not be effective when sending a malicious file through services that recode video, for example, YouTube, WhatsApp, etc. 
At present, it is not known how many devices are at risk. According to Google, in May 2019, there were more than 2.5 billion active Android phones. Of these, almost 58% (about 1.5 billion) are running vulnerable OS versions. 
Google has already released an update that fixes the vulnerability.

Vulnerability in Android allows you to access …Vulnerability allows you to remotely execute code without additional rights. WWW.SECURITYLAB.RU

Back to top button