Google says there’s a serious security flaw that’s targeting Pixel, Samsung, and Huawei phones

Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.

According to Google’s Project Zero cybersecurity group, there’s a zero-day vulnerability in Android that is being used to control at least 18 different phone models. The researcher was sent evidence of the flaw being actively exploited, with attribution to NSO Group, the Israeli cyber intelligence firm, or possibly, one of its customers.

This flaw can be exploited either from downloading a hijacked app or simply through some carefully-crafted code on a webpage that takes advantage of a second exploit in Chrome.

There’s a severe Android vulnerability that’s being exploited right now

The vulnerability lets the attacker gain full system privileges, after which they can do anything they want on the device.

The good news? There’s a patch, which will go to Pixel owners first with the October Security Update. Then it’ll be down to the other Android device manufacturers and mobile carriers to push the mitigation out. The Pixel 3 and newer Pixel devices aren’t affected.

The known vulnerable phones at this time are:

• Pixel 1
• Pixel 1 XL
• Pixel 2
• Pixel 2 XL
• Huawei P20
• Xiaomi Redmi 5A
• Xiaomi Redmi Note 5
• Xiaomi A1
• Oppo A3
• Moto Z3
• Oreo LG phones
• Samsung S7
• Samsung S8
• Samsung S9

Look out for update notifications on your phones if you own any of these handsets, or indeed, any Android phone.

What do you think? Surprised by this news? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

• The Panic Room: Is Zuckerberg vs. Warren this year’s McGregor vs. Mayweather?
• Study: Apparently, people can now type nearly as fast on a screen as they can on a keyboard
• Google is trying to compete with Amazon with Google Shopping – here’s what it’s like
• Instagram rolls out Threads so you can annoy all your close friends with pictures of mundane stuff

Joe Rice-Jones

Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience at KnowTechie, SlashGear and XDA Developers. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere, with particular focus in gadgetry and handheld gaming. Shoot him an email at joe@knowtechie.com.