all InfoSec news
Analyzing a Modern In-the-wild Android Exploit
Project Zero googleprojectzero.blogspot.com
By Seth Jenkins, Project Zero
Introduction
In December 2022, Google’s Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG’s blog post covers the targeting and the actor behind the campaign. This is a technical analysis of the final stage of one of the exploit chains, specifically CVE-2023-0266 (a 0-day in the ALSA compatibility layer) and CVE-2023-26083 (a 0-day in the Mali GPU driver) as well as the techniques used by the attacker to gain kernel …
actor analysis android android devices blog blog post campaign cve december devices exploit google jenkins project samsung stage tag targeting technical technical analysis threat threat analysis threat analysis group