"Security Researcher Publishes Proof-Of-Concept Code for Recent Android Zero-Day"

Grant Hernandez, a PhD candidate at the Florida Institute of Cyber Security at the University of Florida, recently published proof-of-concept (PoC) code on GitHub for an Android zero-day vulnerability discovered by Google Project Zero security researchers. According to Hernandez, the PoC called Qu1ckR00t, can circumvent Discretionary Access Control (DAC) and Linux Capabilities (CAP). In addition, Security-Enhanced Linux (SELinux), Secure Computing Mode (SECCOMP), and Mandatary Access Control (MAC) can be disabled using the PoC. Attackers can use the PoC to gain full control of an Android device. This article continues to discuss the zero-day vulnerability and the PoC codes shared by researchers for this vulnerability. 

ZDNet reports "Security Researcher Publishes Proof-Of-Concept Code for Recent Android Zero-Day"

Submitted by Anonymous on