All Articles

Android Serialization Vulnerabilities Revisited

Posted by pritha on March 22, 2016 at 8:18pm

Android Serialization Vulnerabilities Revisited

This session is about Android Serialization vulnerabilities. We revisit two vulns found in Android (CVE-2014-7911, CVE-2015-3837) which allowed for privilege escalation. We also present vulns found in third-party SDKs (CVE-2015-2000/1/2/3/4/20) which allowed for arbitrary code execution in apps which used them. But what has been done to prevent similar vulns? The session will answer this question.

Speaker

Rose Hay (http://twitter.com/roeehay","@roeehay";)">@roeehay)

X-Force Application Security Research Team Lead, IBM

Roee Hay leads the X-Force Application Security Research Team in IBM Security. His team focuses on discovering new vulnerabilities and has published dozens of papers or advisories in the past, including several ones in Android.

Detailed Presentation

Android Serialization Vulnerabilities Revisited from Priyanka Aash

(Source: RSA USA 2016-San Francisco)

★

Votes: 0

E-mail me when people leave their comments –

Posted by pritha

Community Head, CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

Daily Breach Intelligence 26 November 2025 - Dartmouth College has confirmed that its Oracle EBS instance was compromised; New Critical CVE with unauthenticated RCE in broadcast infrastructure..

Posted by pritha on November 26, 2025 at 2:06am in Blog

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)

Atlanta Chapter Meet: Build the Pen Test Maturity Model (Virtual Session)

Jan 14, 2026 at 7:30pm to Feb 25, 2026 at 9:00pm UTC+5.5

Online

Description:
The Atlanta Pen Test Chapter has officially begun and is now actively underway.

Atlanta CISOs and security teams have kicked off Pen Test Chapter #1 (Virtual), an ongoing working series focused on drafting Pen Test Maturity Model v0.1, designed for an intel-led, exploit-validated, and AI-assisted security reality. The chapter was announced at …
Created by: Biswajit Banerjee
Tags: ciso, pen testing, red team, security leadership

The Insider Risk Summit (West)

Mar 18, 2026 at 10:00am to Mar 19, 2026 at 6:00pm PDT

Monterey, CA

Description:
Created by: pritha
Tags: insider risk summit, monterey, california

#xg { position:relative;top:120px; } #xn_bar { top:120px; }

Hello, you need to enable JavaScript to use CISO Platform.

Please check your browser settings or contact your system administrator.

All Articles

Android Serialization Vulnerabilities Revisited

Comments

Join The Community Discussion

Read More

Top Breaches in Cyber Security in 2025 – upcoming live panel

Weekly CISO Podcast Pick – Why Cyber Risk Fails: What CISOs Should Do Instead

Navigating Cybersecurity in 2026: A Deep Dive into Trends, Statistics and Strategies for Enterprises, SMBs & BFSI/NBFCs

Daily Breach Intelligence 26 November 2025 - Dartmouth College has confirmed that its Oracle EBS instance was compromised; New Critical CVE with unauthenticated RCE in broadcast infrastructure..

Note: this page contains paid content.

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Atlanta Chapter Meet: Build the Pen Test Maturity Model (Virtual Session)

The Insider Risk Summit (West)