Leveraging Android Permissions: A Solver Approach β Thalium - 2022
#Cybersecurity #Vulnerabilities #ApplicationPermissions #Android
The logic of the rules behind this system are mostly implemented in two framework services: PermissionManagerService and PackageManagerService.
Recently, those components have suffered from several vulnerabilities that were found through fuzzing. They led to critical privilege escalation without user consent.
In this blog post, we first present a case study of a permission management vulnerability. Then, we describe the solver approach we followed to help in the vulnerability research. Eventually, we explain a new vulnerability that was discovered thanks to the solver, and which was reported to Google.
#Cybersecurity #Vulnerabilities #ApplicationPermissions #Android