Independent researcher Dhiraj Mishra discovered a vulnerability in Android version of DuckDuckGo browser (version 5.26.0)…
“The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device. If the exploit is delivered via the web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox”, — writes maddiestone researcher from Google Project Zero.
The problem that received the CVE-2019-2215 identifier is contained in the Android kernel code and can be used to completely compromise the device. According to the researchers, the vulnerability affects gadgets based on versions of Android 8.x and higher:
According to the Google Threat Analysis Group (TAG) team, the Israeli company NSO Group, which has a very controversial reputation, developed the exploit used in the attacks.
Read also: Hearing Aid Maker Demant Loses $ 95 Million due to Ransomware Attack
Previously, the company has been repeatedly accused of supplying exploits to authoritarian governments harassing human rights defenders and journalists. In September of this year, the NSO Group promised to follow the principles of the UN Universal Declaration of Human Rights and take measures that impede the use of the company’s technologies with malicious intent.
“This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation. We have notified Android partners and the patch is available on the Android Common Kernel. Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update”, — writes maddiestone.
News-bhexusa.xyz is a domain that tries to trick you into clik to its browser notifications…
News-bhupotu.xyz is a domain that tries to trick you into subscribing to its browser notifications…
News-bhocime.info is a site that tries to trick you into subscribing to its browser notifications…
You-hub.online is a site that tries to force you into clik to its browser notifications…
News-bhecudu.live is a domain that tries to force you into clik to its browser notifications…
News-bhiciwe.today is a site that tries to force you into clik to its browser notifications…