Google Android Local Privilege Escalation Vulnerabilities

luni/src/main/java/java/io/ in the implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as de

číst dál

Napsat komentář

Vaše emailová adresa nebude zveřejněna. Vyžadované informace jsou označeny *