New vulnerability affects all Android versions prior to Oreo

A new vulnerability that affects all Android versions prior to Oreo has been discovered [Image: xijian via iStock]

Researchers have announced a new high-severity security vulnerability affecting the Android operating system.

All versions prior to Android 8.0 Oreo – the most recent update – are vulnerable.

Palo Alto Networks Unit 42 researchers found some malware that exploits certain vectors, but they said they are not aware of any active attacks against this particular vulnerability at present.

Since Android 8.0 is a relatively recent release, this means that nearly all Android users should take action today and apply updates that are available to address this vulnerability.

The researchers found a vulnerability that can be used to more easily enable an “overlay attack,” a type of attack that has already been encountered on the Android platform. An overlay attack is when an attacker’s app places a window over – or “overlays” – other windows and apps running on the device.

This can allow an attacker to convince the user they are clicking one window when, in reality, they are actually clicking on another.

According to the Palo Alto Networks researchers, the new vulnerability affects an Android feature known as Toast. Toast is a type of notification window that ‘pops’ (like toast) on the screen and is typically used to display messages and notifications over other apps.

Overlay attacks can also be used to give malicious software total control over the device. In a worst-case attack scenario, this vulnerability could be used to render the phone unusable, known as ‘bricking’ it, or to install any kind of malware, including ransomware or information stealing.

According to the researchers, this vulnerability could be used to take control of devices, lock devices and steal information after it is attacked.

An overlay attack can also be used to create a denial of service condition on the device by raising windows on the device that do not go away, which is what ransomware attackers do with devices.