In this second part of their detailed analysis, researchers at Google Project Zero unveil a zero-day exploit affecting the Pixel 9 series. This exploit targets vulnerabilities in the system’s sandbox and other security mechanisms, allowing for remote code execution without user interaction—hence the term '0-click.' The vulnerability lies within the device's firmware update process, where a carefully crafted payload can bypass standard defenses. Once executed, it provides attackers with root access to the device, enabling them to perform malicious activities undetected.
The exploit takes advantage of an n-day vulnerability that was previously unknown but has since been patched by Google. The researchers emphasize the importance of continuous monitoring and rapid response in mitigating such threats. They also highlight how this type of exploit could be used in targeted attacks, raising concerns about the security posture of high-end smartphones.