Google is warning of an Android zero-day flaw actively being exploited in the wild, which gives an attacker full control over 18 phone models including its flagship Pixel handset and devices made by Samsung, Huawei and Xiaomi.
Google’s Project Zero warned late Thursday that it suspected the vulnerability was being exploited by the controversial Israeli-based NSO Group Technologies or one of its customers. The NSO Group has been criticized for selling zero-day exploits to “authorized governments”. It’s believed some of those governments have used NSO technology in targeted attacks against human rights activists and journalists.
Project Zero member Maddie Stone wrote in a technical post Thursday that there are indicators that the exploit is “allegedly being used or sold by the NSO Group.”