A security expert recently disclosed a zero-day vulnerability in the Linux kernel that would allow attackers to perform a devastating series of attacks on compromised devices.
Northwestern University PhD student and kernel-focused cybersecurity expert Zhenpeng Lin announced he discovered the vulnerability on the Google Pixel 6 and mentioned it also affects the Pro version of the handset. Furthermore, Lin clarified that this vulnerability doesn’t seem to affect other versions of Google’s Pixel series.
“The latest Google Pixel 6 pwned with a 0day in kernel,” reads Lin’s tweet. “Achieved arbitrary read/write to escalate privilege and disable SELinux without hijacking control flow. The bug also affects Pixel 6 Pro, other Pixels are not affected :)”
It was also confirmed that the vulnerability affects all phones based on kernel 5.10, including Samsung Galaxy S22. To make matters worse, the general Linux kernel is also susceptible to attacks leveraging this exploit, as Lin mentioned.
Currently, there are no additional details about the zero-day other than the ones specified in the researcher’s announcement on Twitter. However, Lin’s presence at Black Hat USA 2022, along with researchers Xinyu Xing and Yuhang Wu, could shed some light on the whole situation, as XDA Developers reported.
Google was notified about the critical vulnerability but has yet to release a public CVE reference. On the bright side, exploiting the flaw requires user interaction, unlike remote code execution (RCE) vulnerabilities.
Simply avoiding installing apps originating from non-trusted sources on your device could be enough mitigation in this case. Last but not least, it’s worth mentioning that Android devices based on kernel version 5.10 could be vulnerable even after installing the latest July 2022 security update.
Using specialized tools such as Bitdefender Mobile Security can help you achieve peace of mind with features like:
- Protection against link-based mobile scams
- Keeping your online identity safe with its VPN component
- Allowing you to locate, lock, and wipe your Android device remotely, if needed
- Email account breach notification
- Malware scanner
- App lock to prevent intrusions on your settings or private files