The official Google Project Zero blog details the discovery and repair of Bad Binder, an Android 0day vulnerability. The patch is included in the October Android security update, and if your phone’s security patch level is October 2019, the issue has been fixed.
Project Zero developers say they received information late in the summer that Israeli spyware developer NSO was using an Android 0day vulnerability to install spyware PegASUS on target devices.
This is a kernel lift released after using vulnerabilities that affect Pixels 1 and 2, but does not affect Pixel 3 and 3a, which have been fixed in the kernel version of Linux kernel 4.14. Security researchers who used this intelligence quickly identified the vulnerability.
The vulnerability was first discovered and reported in November 2017 and fixed in February 2018, but was not included in the monthly Android Safepass in Linux 4.14, Android 3.18, Android 4.4, and Android 4.9 many released devices, such as the Pixel and Pixel 2, are not patched.