Late last month Google Project Zero researcher Maddie Stone detailed a zero-day Android privilege escalation vulnerability (CVE-2019-2215) and revealed that it is actively being exploited in attacks in the wild. She also provided PoC code that could help researchers check which Android-based devices are vulnerable and which are not.
One of those has decided to go further.
Achieving “root” through a malicious app
“The base PoC left us with a full kernel read/write primitive, essentially game over for the systems’ security, but left achieving root as an exercise for the reader,” said Grant Hernandez, a Ph.D student at the University of Florida and a Research Assistant with the Florid ..
Support the originator by clicking the read the rest link below.
