All Articles

Android Serialization Vulnerabilities Revisited (RSA Conference 2016)

Posted by pritha on April 3, 2016 at 7:54pm

Android Serialization Vulnerabilities Revisited

This session is about Android Serialization vulnerabilities. We revisit two vulns found in Android (CVE-2014-7911, CVE-2015-3837) which allowed for privilege escalation. We also present vulns found in third-party SDKs (CVE-2015-2000/1/2/3/4/20) which allowed for arbitrary code execution in apps which used them. But what has been done to prevent similar vulns? The session will answer this question.

Speakers

Roee Hay ( @roeehay )

X-Force Application Security Research Team Lead, IBM

Roee Hay leads the X-Force Application Security Research Team in IBM Security. His team focuses on discovering new vulnerabilities and has published dozens of papers or advisories in the past, including several ones in Android.

Detailed Presentation:

Android Serialization Vulnerabilities Revisited from Priyanka Aash

(Source: RSA USA 2016, San Francisco)

E-mail me when people leave their comments –

Posted by pritha

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)

Fireside Chat On Top Trends In Cybersecurity 2025 & Beyond

Jan 15, 2025 from 12:00pm to 1:00pm UTC+5.5

Online

Description:
We are hosting an exclusive Fireside Chat session on "Top Trends In Cybersecurity 2025 & Beyond" featuring Ravi Subbiah (CISO Consulting and Cybersecurity Delivery Leader at TCS) & Vijay Kumar Verma (SVP & Head Cyber Security Engineering at Jio).

The fast-paced evolution of cybersecurity is redefining priorities and pushing organizations to stay ahead of emerging challenges. This session offers a closer look at the…
Created by: Biswajit Banerjee

Best Of The World Talks With Anton Chuvakin (Security Advisor at Office of the CISO, Google Cloud)

Jan 23, 2025 from 10:30pm to 11:30pm UTC+5.5

Online

Description:
We are hosting an exclusive Best of the World Talks session on "Practical AI In Cybersecurity" featuring Anton Chuvakin (Security Advisor at Office of the CISO, Google Cloud) & David Randleman (Field CISO at FireCompass).…
Created by: Biswajit Banerjee

16th CISO Platform Top 100 Awards, 2025

Feb 21, 2025 from 9:00am to 7:30pm UTC+5.5

Bengaluru, Karnataka, India

Description:

16th CISO Platform, Top 100 Awards 2025

Top 100 Awards is India's 1st & Oldest CISO Awards, happening on February 21st 2024 at Bengaluru, Karanataka, India.
Created by: Biswajit Banerjee

#xg { position:relative;top:120px; } #xn_bar { top:120px; }

Hello, you need to enable JavaScript to use CISO Platform.

Please check your browser settings or contact your system administrator.

Comments

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Fireside Chat On Top Trends In Cybersecurity 2025 & Beyond

Best Of The World Talks With Anton Chuvakin (Security Advisor at Office of the CISO, Google Cloud)

16th CISO Platform Top 100 Awards, 2025

16th CISO Platform, Top 100 Awards 2025

Top 100 Awards is India's 1st & Oldest CISO Awards, happening on February 21st 2024 at Bengaluru, Karanataka, India.