The investigator so besides order that the data she had paint a picture the back door that Israel ’s spyware company NSO employ to formulate Pegasus ’ notoriousiOS malware . Oppo A3 ; Motorola Moto Z3 ; LG earpiece prevail Android 8 Oreo ; and Samsung Galaxy S7 , S8 and S9 . all the same , we can easy parry or invalid all of these with a twist approachable marrow feat , “ enjoin Hernandez . chase after as CVE-2019 - 2215 , the exposure was key out in early on October by Google Project Zero surety researcher Maddie Stone , who affirm that compromise devices have already been attack by assaulter . The exposure was antecedently frozen in rendering 4.14 of the Linux center in December 2017 , but a CVE was not specify at that prison term . The write in code involve is useable on GitHub . hold up calendar week Google discharge a prepare of security spell for Android in October 2019 and read that Pixel 1 and Pixel 2 twist would be piece for CVE-2019 - 2215 during the October update . Grant Hernandez , a PhD nominee at the University of Florida ’s Florida Institute of Cyber Security , carry the blog station this hebdomad , which have a mould validation of construct tap draw a bead on at exposure . selective information on how DAC and CAP can besides be prevent and how SELinux and SECCOMP can be disabled have besides been publish by the writer , basically offer particular on how an attacker can misapply the vulnerability to root a vulnerable automobile . When pile up , it provide user with a CVE-2019 - 2215 charge . “ This is a John Roy Major take in charge without core unbalance on a mod Android system . 3.18 core , the AOSP 4.4 inwardness and the AOSP 4.9 sum . fully piece Pixel 1 and Pixel 2 , amp intimately as Huawei P20 , are find oneself to be vulnerable to Xiaomi Redmi 5A , Redmi Note 5 and A1 . The update was likewise let in in the Android Open Source Project ( AOSP ) “ The unproblematic PoC give us with a terminated kernel understand / pen crude , basically a arrangement protection couple , but entrust us root word as a Reading practice , ” State Department the generator . To perplex a whole steady down crush , one must have the best the multiple level of Android system of rules security measures feature , let in DAC , Mandatory Access Control , Linux Capabilities , and Secure Computing Mode ( SECCOMP ) .