This article discusses the Android Zygote Injection vulnerability (CVE-2024-31317), which allows attackers to perform system-wide code execution and privilege escalation on devices running Android 11 or older. The Zygote process, which forks applications, becomes a target because of a flaw in how commands are processed: malicious input can result in unauthorized system privileges.
Affected: Android devices (versions 11 or older)
Key points:
- The Android Zygote process is essential for managing application and system processes.
- CVE-2024-31317 exposes a vulnerability enabling system-wide code execution via Zygote injection.
- This vulnerability allows attackers to escalate privileges from the shell user to the system user.
- ADB Shell can be exploited to modify the hidden_api_blacklist_exemptions setting, enabling code execution.
- Exploiting this vulnerability may lead to device boot loops, affecting system stability.
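
Because the exploitation path above runs through the `hidden_api_blacklist_exemptions` setting, auditing that value is a cheap defensive check. The script below is an added example, not code from the article; the function names are hypothetical, and it assumes the setting is read from the `global` namespace and that a legitimate value is unset, `*`, or a comma-separated list of API signature prefixes.

```shell
#!/bin/sh
# Added example, not from the article. Assumptions: the setting lives in the
# "global" namespace, and a legitimate value is unset ("null" or empty), "*",
# or a comma-separated list of API signature prefixes such as "Landroid/app/".

# classify_exemptions VALUE -> prints unset | wildcard | ok | suspicious
classify_exemptions() {
    value=$1
    case $value in
        ''|null) echo unset; return 0 ;;
        '*')     echo wildcard; return 0 ;;
    esac
    # Delete every character that can appear in a signature list. The "x"
    # sentinel keeps $(...) from discarding trailing characters that remain.
    leftover=$(printf '%s' "$value" |
        LC_ALL=C tr -d 'A-Za-z0-9_[$/;:,.*()<>-'; printf x)
    if [ "$leftover" = x ]; then
        echo ok
    else
        echo suspicious    # whitespace, control characters, or other bytes
    fi
}

# audit_device: read the live value from the device attached over adb.
audit_device() {
    classify_exemptions "$(adb shell settings get global hidden_api_blacklist_exemptions)"
}

if [ "${1:-}" = "--device" ]; then
    audit_device
else
    # Constructed sample values, for an offline run.
    for sample in 'null' '*' 'Landroid/app/,Lcom/example/Foo;->bar(I)V' \
                  'Landroid/app/ extra'; do
        printf '%-45s %s\n' "[$sample]" "$(classify_exemptions "$sample")"
    done
fi
```

Run it with `--device` to audit an attached device; a `suspicious` or unexpected `wildcard` result is a reason to inspect the stored value and how it was set.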