grishka 15 hours ago

If you're going to exploit a privilege escalation vulnerability from your app, why not just grab the most interesting parts of the /data partition while you're at it?

Reply View 1 reply
  • daveguy 4 hours ago

    Sure why not. I wasn't implying that a zero day that allows surreptitiously recording the phone screen is the only shitty thing that can be done with your phone with a zero day.

    Also, it is possible for a zero day to break specific privileges (like screen record without notification) rather than root.

    Reply View 0 replies
simonw 14 hours ago

Burning a zero-day like that for targeted advertising seems extremely unlikely to me.

Reply View 2 replies
  • [removed] 4 hours ago
    [deleted]
    Reply View 0 replies
  • daveguy 4 hours ago

    I think you missed the point GP was making. I believe they meant the vector might come from that kind of SDK. Not that someone who had a zero day to allow surreptitiously recording phone screens would use it for that purpose.

    Reply View 0 replies