Credit: RedHat, Solar Designer, Keen Security Lab of Tencent, @dosomder
This isn’t something that you see often. Solar Designer wrote:
Red Hat’s description includes the usual wording:
“A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.” I’d like to know how. “Crash the system” will do. Thanks.
… and then @idl3r, @returnsme, and @nwmonster (from the Keen Security Lab of Tencent) showed him how. This spurred Google into releasing their first-ever out-of-band patch to address the vulnerability. Then @dosomder finished the job with a complete rooting tool based on it. In what shouldn’t have been a surprise to anyone, Android malware started abusing this exploit in the wild. They just grow up so quickly these days…