Google's Project Zero research team released a high-risk vulnerability in Android, at least 18 devices such as Pixel, Huawei Samsung and Xiaomi were affected .
The vulnerability was first disclosed to the Android team on September 27th and was required to be fixed within 7 days and made public to the public on October 4. This vulnerability has been fixed in the October security update .
The vulnerability has affected at least 18 models, including Huawei, Xiaomi, and Samsung. The vulnerability requires little or no customization to fully gain root access to the attacked phone, and can be used to attack affected phones by installing untrusted apps or by combining with Chrome content .
Google found an example of the vulnerability being used in the real world and believes that the Israeli NSO group is exploiting this vulnerability, a company suspected of attacking human rights and political activists .
Subsequently, the NSO responded that it would not sell the vulnerability and would never sell the exploit, which is not related to the NSO.
The vulnerability first appeared in the Linux kernel and was patched in early 2018. These patches never entered the Android security update for unexplained reasons in the post.