All Articles

Android Serialization Vulnerabilities Revisited (RSA Conference 2016)

Posted by pritha on April 3, 2016 at 7:54pm

Android Serialization Vulnerabilities Revisited

This session is about Android Serialization vulnerabilities. We revisit two vulns found in Android (CVE-2014-7911, CVE-2015-3837) which allowed for privilege escalation. We also present vulns found in third-party SDKs (CVE-2015-2000/1/2/3/4/20) which allowed for arbitrary code execution in apps which used them. But what has been done to prevent similar vulns? The session will answer this question.

Speakers

Roee Hay@roeehay )

X-Force Application Security Research Team Lead, IBM

Roee Hay leads the X-Force Application Security Research Team in IBM Security. His team focuses on discovering new vulnerabilities and has published dozens of papers or advisories in the past, including several ones in Android.


Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

8669803085?profile=original

Views: 198
E-mail me when people leave their comments –
Follow
Posted by pritha

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)