Monitoring Surveillance Vendors - A Deep Dive into In-the-Wild Android Full Chains in 2021

Explore a comprehensive analysis of in-the-wild Android exploits discovered by Google's Threat Analysis Group and Android Security teams in this 36-minute Black Hat conference talk. Delve into browser and kernel LPE exploits found in 2021, including CVE-2021-28663 (Mali GPU), CVE-2020-16040/CVE-2021-38000 (Browser), CVE-2021-1048 (Linux kernel), and CVE-2021-0920 (Linux kernel). Focus on the sophisticated CVE-2021-0920 Linux kernel garbage collection vulnerability, examining its exploitation and attribution. Discover a novel kernel exploitation technique for bypassing hardware-level mitigation, presented by experts Xingyu Jin, Richard Neal, Christian Resell, and Clement Lecigne. Gain valuable insights into the world of surveillance vendors and their impact on Android security.