From zdnet.com
Google disclosed today that they found evidence of an Android unpatched vulnerability being used in attacks in the real world — a so-called “zero-day.”
The vulnerability resides in the Android operating system’s kernel code and can be used to help an attacker gain root access to the device.
Ironically, the vulnerability was patched in December 2017 in Android versions 3.18, 4.14, 4.4, and 4.9, but newer OS versions were found to be vulnerable.
Google researchers believe that the vulnerability impacts the following Android phone models, running Android 8.x and later: