Android Serialization Vulnerabilities Revisited

This session is about Android serialization vulnerabilities. We revisit two vulns found in Android itself (CVE-2014-7911, CVE-2015-3837), which allowed for privilege escalation. We also present vulns found in third-party SDKs (CVE-2015-2000/1/2/3/4/20), which allowed for arbitrary code execution in the apps that used them. But what has been done to prevent similar vulns? The session will answer this question.


Roee Hay (@roeehay)

X-Force Application Security Research Team Lead, IBM

Roee Hay leads the X-Force Application Security Research Team at IBM Security. His team focuses on discovering new vulnerabilities and has published dozens of papers and advisories, including several on Android.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


