The 2016 Pwnie Award For Best Privilege Escalation Bug
Widevine QSEE TrustZone Privilege Escalation
The best part about platforms building new layers of privilege with Trusted Execution Environments is that they all present new opportunities for wicked cool privilege escalation vulnerabilities. While Intel is down to somewhere around Ring -37, ARM-based platforms are catching up quickly. A mysterious porcupine slash hacker slash blogger has spent the last year documenting a privilege escalation chain from zero privileges to full dumping of FDE keys outta TrustZone. The exploitation of this vulnerability in the Widevine DRM- protected video trustlet was a work of art and it deserves a video of a round of applause displayed through a hardware-protected video path that fully protects the rights of the content owner end-to-end.