Android Serialization Vulnerabilities Revisited

  • Friday, March 4, 2016 | 11:20 AM – 12:10 PM | West | Room: 3018

View all Sessions

This session is about Android Serialization vulnerabilities. We revisit two vulns found in Android (CVE-2014-7911, CVE-2015-3837) which allowed for privilege escalation. We also present vulns found in third-party SDKs (CVE-2015-2000/1/2/3/4/20) which allowed for arbitrary code execution in apps which used them. But what has been done to prevent similar vulns? The session will answer this question.


This document was retrieved from on Mon, 17 Jun 2019 08:50:43 -0400.