Android Serialization Vulnerabilities Revisited
This session is about Android Serialization vulnerabilities. We revisit two vulns found in Android (CVE-2014-7911, CVE-2015-3837) which allowed for privilege escalation. We also present vulns found in third-party SDKs (CVE-2015-2000/1/2/3/4/20) which allowed for arbitrary code execution in apps which used them. But what has been done to prevent similar vulns? The session will answer this question.
Rose Hay (http://twitter.com/roeehay","@roeehay";)">@roeehay)
X-Force Application Security Research Team Lead, IBM
Roee Hay leads the X-Force Application Security Research Team in IBM Security. His team focuses on discovering new vulnerabilities and has published dozens of papers or advisories in the past, including several ones in Android.