Overview
Explore a 41-minute Black Hat conference talk detailing the Mangkhut exploit chain, which achieves one-click remote root access on modern Android devices using only two vulnerabilities. Dive into the intricacies of CVE-2020-6537, a Chrome vulnerability enabling arbitrary code execution in the browser render process, and CVE-2020-0423, a Binder vulnerability that escalates privileges from a sandboxed process to root. Learn how researchers Hongli Han, Rong Jian, Xiaodong Wang, and Peng Zhou overcame increasing Android security mitigations to develop this sophisticated remote root exploit chain targeting the latest Pixel devices.
Syllabus
Typhoon Mangkhut: One-click Remote Universal Root Formed with Two Vulnerabilities
Taught by
Black Hat