Android Serialization Vulnerabilities Revisited

  • Friday, March 4, 2016 | 11:20 AM – 12:10 PM | West | Room: 3018

View all Sessions

This session is about Android Serialization vulnerabilities. We revisit two vulns found in Android (CVE-2014-7911, CVE-2015-3837) which allowed for privilege escalation. We also present vulns found in third-party SDKs (CVE-2015-2000/1/2/3/4/20) which allowed for arbitrary code execution in apps which used them. But what has been done to prevent similar vulns? The session will answer this question.


This document was retrieved from on Fri, 28 Oct 2016 15:40:30 -0400.
© 2016 EMC Corporation. All rights reserved.