Home | VerSprite Resources
View VerSprite's Compliance Advisory Services →
Download Service Listings
Android Vulnerabilities and Exploits
This blog continues Part I of the android exploitation experiment. We build a proof-of-concept code with an Android NDK. UAF vulnerability (CVE-2019-2215)
Learn more
Batuhan Irmak
Attack Surface
This blog post will trigger a UAF vulnerability (CVE-2019-2215) in Binder from scratch. After preparing the necessary environment and tools, we will reach the KASAN output with the POC exploit.
InfoSec
What is responsible disclosure? In this article, VerSprite will outline a typical process for zero-day vulnerability reporting, the ethics behind hacking, and provide real-world examples of our responsible disclosures.
VerSprite
Reverse Engineering
In part two of this series, we’ll dive deeper into the technical specifications of the CarLinkBT module. We’ll also discuss the dynamic analysis and testing performed to confirm our findings. Finally, we’ll walk through the process of developing an exploit for this vulnerability.
Fabius Watson
In this blog post, we will cover the types of memory corruption scenarios that can be triggered through deserializing untrusted JSON in the Jackson, FlexJSON, and json-io libraries on Android.
The Android operating system and the mobile devices it runs on dominate the market in comparison to other device manufactures. Along with the market share, the Android ecosystem is heavily fragmented; that is to say many individuals are still using older versions of the Android operating system.
Exploit Development
VerSprite’s Director of Security Research, Ben Watson, takes a deep dive into the Dalvik Virtual Machine’s JIT implementation and how it can be used and abused to execute shellcode.
On the shoulders of giants, this presentation will take a deep dive into the Dalvik Virtual Machine’s JIT implementation and how it can be used and abused to execute shellcode.
The Backup and Restore feature in Mobotap’s Dolphin Browser for Android 12.0.2, suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file.
Back to Resources
We are an international squad of professionals working as one.
Email
Phone