Overview
Explore a comprehensive analysis of in-the-wild Android exploits discovered by Google's Threat Analysis Group and Android Security teams in this 36-minute Black Hat conference talk. Delve into browser and kernel LPE exploits found in 2021, including CVE-2021-28663 (Mali GPU), CVE-2020-16040/CVE-2021-38000 (Browser), CVE-2021-1048 (Linux kernel), and CVE-2021-0920 (Linux kernel). Focus on the sophisticated CVE-2021-0920 Linux kernel garbage collection vulnerability, examining its exploitation and attribution. Discover a novel kernel exploitation technique for bypassing hardware-level mitigation, presented by experts Xingyu Jin, Richard Neal, Christian Resell, and Clement Lecigne. Gain valuable insights into the world of surveillance vendors and their impact on Android security.
Syllabus
Monitoring Surveillance Vendors: A Deep Dive into In-the-Wild Android Full Chains in 2021
Taught by
Black Hat