LeakValue icon indicating copy to clipboard operation
LeakValue copied to clipboard

Published 20 hours ago verified publisher icon michalbednarski

Metadata

Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app (or another app) via LazyValue using Parcel after recycle()

Results 4 LeakValue issues
Sort by recently updated
recently updated
newest added

Why we need more than one Message?

5 comment

Hi, thank you very much for sharing this research. I notice that in ```makeHolderLeakerWithRewind()```, first a ```Message``` of a large size (might reach the max size?) was transacted, and then...

Sheepbye avatar Sheepbye

NoSuchMethodException

5 comment

When I pressed the start button after the app is installed, it will prompt "java.lang.NoSuchMethodException: android.media.session.ISession$Stub$Proxy.getBinderForSetQueue []" error. I found the exact code is:mGetBinderForSetQueue = mMediaSessionBinder.getClass().getMethod("getBinderForSetQueue"); I use android api...

youyudekucaizi avatar youyudekucaizi

which ROM version it work?

1 comment

My Device: Pixel 6 Android 13.0.0 (TQ1A.230105.002, Jan 2023) It doesn't work

liqihui1 avatar liqihui1

No leakedBinders

3 comment

So, I tried to run this app. I have issue, in which I can't receive any leaked binders from `doAllStuff()`. I got an empty array list `leakedBinders`. I think this...

MikBely avatar MikBely

Metadata

249
Stars
48
Forks
Watchers

Owner

verified publisher icon michalbednarski

Metadata

Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app (or another app) via LazyValue using Parcel after recycle()

Back