Google says there’s a serious security flaw that’s targeting Pixel, Samsung, and Huawei phones

According to Google’s Project Zero cybersecurity group, there’s a zero-day vulnerability in Android that is being used to control at least 18 different phone models. The researcher was sent evidence of the flaw being actively exploited, with attribution to NSO Group, the Israeli cyber intelligence firm, or possibly, one of its customers.

This flaw can be exploited either from downloading a hijacked app or simply through some carefully-crafted code on a webpage that takes advantage of a second exploit in Chrome.

There’s a severe Android vulnerability that’s being exploited right now

The vulnerability lets the attacker gain full system privileges, after which they can do anything they want on the device.

The good news? There’s a patch, which will go to Pixel owners first with the October Security Update. Then it’ll be down to the other Android device manufacturers and mobile carriers to push the mitigation out. The Pixel 3 and newer Pixel devices aren’t affected.

The known vulnerable phones at this time are:

• Pixel 1
• Pixel 1 XL
• Pixel 2
• Pixel 2 XL
• Huawei P20
• Xiaomi Redmi 5A
• Xiaomi Redmi Note 5
• Xiaomi A1
• Oppo A3
• Moto Z3
• Oreo LG phones
• Samsung S7
• Samsung S8
• Samsung S9

Look out for update notifications on your phones if you own any of these handsets, or indeed, any Android phone.

What do you think? Surprised by this news? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

• The Panic Room: Is Zuckerberg vs. Warren this year’s McGregor vs. Mayweather?
• Study: Apparently, people can now type nearly as fast on a screen as they can on a keyboard
• Google is trying to compete with Amazon with Google Shopping – here’s what it’s like
• Instagram rolls out Threads so you can annoy all your close friends with pictures of mundane stuff