New Android Critical Vulnerabilities
1. CVE-2015-1538 Exploit for Android is Now Available for Testing Purposes
This exploit has several caveats. First, it is not a generic exploit. Zimperium Team only tested it to work on a single device model. Zimperium Team tested this exploit on a Nexus running Android 4.0.4. Also, due to variances in heap layout, this is not a 100% reliable exploit by itself.
Zimperium Team were able achieve 100% reliability when delivered through an attack vector that allowed multiple attempts. Finally, this vulnerability was one of several that was neutered by GCC 5.0’s ‘new[]’ integer overflow mitigation present on Android 5.0 and later. (more…)