Today, researchers at Google revealed that they found evidence of an unpatched vulnerability that’s being exploited in the wild.
The bug, which affects Android phone models 8.x and later, was first discovered and patched in December 2017. However, for some reason, the fix did not carry over to newer OS versions.
According to Google researchers, the “exploit requires little or no per-device customization.” Even more, they believe Israel’s NSO Group is using the bug in real-world attacks.
The good news, however, is that the zero-day flaw — CVE-2019-2215 — is not as dangerous as others in the past because it can’t be triggered by a web browser or other app without additional exploits already in place.