Exploitation of a Samsung Galaxy Note 10+ Zero-Click RCE Bug via MMS
Это в продолжение к моим предыдущим постам: 1 и 2. Есть вопросы про поиск людей и информации? :) Есть вопросы про "поимели"? :)
This video demonstrates the exploitation of a vulnerability in the custom Samsung Qmage image codec via MMS. The exploit proof-of-concept achieves remote code execution with no user interaction on a Samsung Galaxy Note 10+ phone running Android 10 (February 2020 patch level).
Vulnerabilities in the Qmage format were reported by the Google Project Zero team to Samsung in January 2020, and were addressed in the Samsung May 2020 Security Bulletin as SVE-2020-16747. The bugs were also collectively assigned CVE-2020-8899.
https://bugs.chromium.org/p/project-zero/issues/detail?id=2002
https://github.com/googleprojectzero/SkCodecFuzzer
P.S. Рекомендую отключить [автоматическое] получение MMS :)
Click to viewThis video demonstrates the exploitation of a vulnerability in the custom Samsung Qmage image codec via MMS. The exploit proof-of-concept achieves remote code execution with no user interaction on a Samsung Galaxy Note 10+ phone running Android 10 (February 2020 patch level).
Vulnerabilities in the Qmage format were reported by the Google Project Zero team to Samsung in January 2020, and were addressed in the Samsung May 2020 Security Bulletin as SVE-2020-16747. The bugs were also collectively assigned CVE-2020-8899.
https://bugs.chromium.org/p/project-zero/issues/detail?id=2002
https://github.com/googleprojectzero/SkCodecFuzzer
P.S. Рекомендую отключить [автоматическое] получение MMS :)