Privilege Escalation Vulnerability affects Billions of Android Devices

A newly found privilege escalation vulnerability affects billions of Android mobile phones and tablets, except devices that are running the latest Android 5.0 Lollipop. “Privilege Escalation is the act of exploiting a bug, design flaw or configuration in an operating system to gain administrator or root access.” – Wikipedia. Security researcher Jann Horn initially discovered this Android security vulnerability, which could allow any attacker to bypass the “Address Space Layout Randomization (ASLR)” defense and execute arbitrary code on the target device.


Any Android device running a version below Android 5.0 Lollipop is vulnerable to this attack. The main cause of this vulnerability is a security bug in java.io.ObjectInputStream, which fails to check whether an object that is being deserialized is actually a serializable object.

The researcher also notified Google about this vulnerability earlier this year, and the Android team has fixed it in Android 5.0 Lollipop.
