A threat actor has allegedly put a critical zero-day exploit up for sale on a cybercrime forum, targeting a wide range of devices running Google’s Android operating system. The exploit is claimed to affect Android versions 11 through 15, posing a significant risk to potentially millions of users worldwide. The seller advertises it as a “zero-day,” indicating the vulnerability is allegedly unknown to the vendor, Google (an American multinational technology company), and therefore has no security patch available.
According to the seller’s post, the exploit is exceptionally dangerous due to its alleged capabilities. It is described as a “zero-click” remote code execution (RCE) attack that leverages a memory corruption flaw in the Android MMS Parser. If the description is accurate, a target’s device could be compromised without any user interaction, such as clicking a link or opening a file. The exploit chain allegedly bypasses Android’s security defenses, including its sandbox, to grant the attacker full root access, which would give a malicious actor complete and stealthy control over the device.
The seller’s claims include:
- Vulnerability: Memory Corruption in Android MMS Parser
- Attack Vector: Remote Code Execution (RCE)
- Privilege Gained: Full Root Access (uid=0)
- Stealth: No user interaction needed and no crash notifications displayed












