The flaws in libutils are part of code that has been in every Android device released since 2008, potentially exposing more than 1 billion users to risk. While Android is at risk, Drake noted that, to date, Zimperium hasn’t seen any evidence to suggest it is being exploited in the wild.
“The two interrelated vulnerabilities are both required for our exploit to work, but they exist in isolation,” Drake told eWEEK. “One is a vulnerability in a core library API. The other is an insecure use of that API that allows triggering the vulnerability within.”