CVE-2020-0096

Information of the original vulnerability

StrandHogg2 Poc for StrandHogg2 (CVE-2020-0096) Information of the original vulnerability Current Description In startActivities of ActivityStartControllerjava, there is a possible escalation of privilege due to a confused deputy This could lead to local escalation of privilege with no additional execution privileges needed User interaction is not needed for exploitation

CVE-2020-0096-StrandHogg2 复现

此设计缺陷使攻击者可以在另一个应用程序的顶部显示其自己的活动（页面），从而可能使用户迷失自己的私人数据。该漏洞被称为StrandHogg 20，最近由挪威安全公司Promon披露。 范围：理论上是全版本 android10测试失败了，测试801测试成功 验证步骤： 修改代码为目标app的包名和导出的ac

Significant security enchancements of recent major Android versions.

Android Security Evolution Significant security enhancements of recent major Android versions, starting with Android 50 Lollipop (API 21) Android 50 (API 21) - Lollipop Security Enhancements in Android 50 Starting August 2023, Google Play Services updates will only be received from this Android version see Google Play services discontinuing updates for KitKat (API levels 1

StrandHoggAttacks This repository contains the PoC source codes for both StrandHogg attack versions Please use the software for educational purposes only StrandHogg v1 attack: "Towards Discovering and Understanding Task Hijacking in Android" - Chuangang Ren, The Pennsylvania State University; Yulong Zhang, Hui Xue, and Tao Wei, FireEye, Inc; Peng Liu, The Pennsylva