黑科技:提升进程优先级的一种思路
本文中的demo地址,文中源码为API 28 一、前言 前不久,看到维术大佬发表的一篇文章:另一种黑科技保活方法。文章内容主要是利用Android的2个bug(黑科技就是利用系统bug骚操作)来提升进程的优先级为前台进程,觉得挺有意思,于是决定找个时间研究一下。因为原文中大佬主要写的是
In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-140108616
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android 8.1 |
||
google android 9.0 |
||
google android 10.0 |
Qualcomm bugs among the worst – including a critical hole in wireless networking Is it Patch Blues-day for Outlook? Microsoft's email client breaks worldwide, leaves everyone stumped
Google has emitted the August edition of its Android software security updates. This month's fixes include one remote-code-execution bug (CVE-2020-0240), present in the Android Framework. Google warns that the bug "could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process," though isn't being exploited... yet. That flaw was the only remote-code-execution bug present in the 01 level of the security patch bundle. This is t...