all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Analyzing a Modern In-the-wild Android Exploit

Add to bookmarks
g
Sept. 19, 2023, 4:01 p.m. | noreply@blogger.com (Google Project Zero)

Project Zero googleprojectzero.blogspot.com

By Seth Jenkins, Project Zero

Introduction


In December 2022, Google’s Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG’s blog post covers the targeting and the actor behind the campaign. This is a technical analysis of the final stage of one of the exploit chains, specifically CVE-2023-0266 (a 0-day in the ALSA compatibility layer) and CVE-2023-26083 (a 0-day in the Mali GPU driver) as well as the techniques used by the attacker to gain kernel …

actor analysis android android devices blog blog post campaign cve december devices exploit google jenkins project samsung stage tag targeting technical technical analysis threat threat analysis threat analysis group

Visit resource

More from googleprojectzero.blogspot.com / Project Zero

Pr
The Windows Registry Adventure #2: A brief history of the feature 1 month, 2 weeks ago | googleprojectzero.blogspot.com
database feature google google project zero +13
Pr
The Windows Registry Adventure #1: Introduction and research results 1 month, 2 weeks ago | googleprojectzero.blogspot.com
bugs december december 2023 escalation +22
Pr
First handset with MTE on the market 6 months, 4 weeks ago | googleprojectzero.blogspot.com
arm back brand device +12
Pr
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit 7 months, 2 weeks ago | googleprojectzero.blogspot.com
amnesty amnesty international analysis apple +29
Pr
Analyzing a Modern In-the-wild Android Exploit 8 months, 1 week ago | googleprojectzero.blogspot.com
actor analysis android android devices +19
Pr
Summary: MTE As Implemented 9 months, 4 weeks ago | googleprojectzero.blogspot.com
access arm blog blog post +13
Pr
MTE As Implemented, Part 1: Implementation Testing 9 months, 4 weeks ago | googleprojectzero.blogspot.com
access architecture arm brand +12
Pr
MTE As Implemented, Part 3: The Kernel 9 months, 4 weeks ago | googleprojectzero.blogspot.com
access architecture arm brand +11
Pr
MTE As Implemented, Part 2: Mitigation Case Studies 9 months, 4 weeks ago | googleprojectzero.blogspot.com
access architecture arm brand +14

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com