", and it took less than two days for ivan to find cve - 2025 - 54957. likewise, seth found cve - 2025 - 36934 after less than one day of reviewing the bigwave driver. of course, it ’ s easy to forget the effort that went into finding these attack surfaces – the dolby hackathon re…"
T1068 Exploitation for Privilege Escalation (98%)
"threat intelligence group ( gtig ) has detected and reported 16 android driver vulnerabilities being used by attackers in the wild since 2023. driver security remains an urgent problem affecting android ’ s users that will likely require multiple approaches to improve. rewriting …"
T1068 Exploitation for Privilege Escalation (95%)
"gaining kernel privileges from a 0 - click context required only two software defects. longer exploit chains are typically required on certain platforms because of effective sandboxing and other privilege limitation features. to bypass these, attackers need to find multiple bugs …"
T1068 Exploitation for Privilege Escalation (91%)
"privileges from the mediacodec context on android, but almost all modern vulnerabilities require this, and we informed them that there is strong evidence that exploit vendors have access to kernel privilege escalation vulnerabilities on most android devices. no other vendor we ’ …"
T1068 Exploitation for Privilege Escalation (85%)
"- weeks for a well - resourced attacker. android has invested a fair amount in the security of media codecs through vulnerability rewards programs and by fuzzing them with tools like oss - fuzz. while it is unlikely that fuzzing would have uncovered this particular udc bug, as fa…"
Summary
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem. This post describes the problems we encountered and recommendations for improvement.

Audio Attack Surface
The Dolby UDC is part of the 0-click attack surface of most Android devices because of audio transcription in the Google Messages application. Incoming audio messages are transcribed before a user interacts with the message. On Pixel 9, a second process, com.google.android.tts, also decodes incoming audio. Its purpose is not completely clear, but it seems to be related to making incoming messages searchable.