Explore a 41-minute Black Hat conference talk detailing the Mangkhut exploit chain, which achieves one-click remote root access on modern Android devices using only two vulnerabilities. Dive into the intricacies of CVE-2020-6537, a Chrome vulnerability enabling arbitrary code execution in the browser render process, and CVE-2020-0423, a Binder vulnerability that escalates privileges from a sandboxed process to root. Learn how researchers Hongli Han, Rong Jian, Xiaodong Wang, and Peng Zhou overcame increasing Android security mitigations to develop this sophisticated remote root exploit chain targeting the latest Pixel devices.
Typhoon Mangkhut - One-click Remote Universal Root Formed with Two Vulnerabilities
Overview
Syllabus
Typhoon Mangkhut: One-click Remote Universal Root Formed with Two Vulnerabilities
Taught by
Black Hat
Related Courses
-
The Way to Android Root: Exploiting Smartphone GPU
-
TiYunZong Exploit Chain to Remotely Root Modern Android Devices - Pwn Android Phones from 2015-2020
-
One-Click to Completely Takeover a MacOS Device
-
Binder - The Bridge To Root - Hongli Han and Mingjian Zhou
-
Deep Analysis of Exploitable Linux Kernel Vulnerabilities 2017-2019
-
Android Universal Root - Exploiting Mobile GPU - Command Queue Drivers
