The sub-techniques beta is now live! Read the release blog post for more info.

Privilege Escalation

Privilege escalation includes techniques that allow an attacker to obtain a higher level of permissions on the mobile device. Attackers may enter the mobile device with very limited privileges and may be required to take advantage of a device weakness to obtain higher privileges necessary to successfully carry out their mission objectives.

ID: TA0029
Created: 17 October 2018
Last Modified: 17 October 2018

Techniques

Techniques: 2
ID Name Description
T1404 Exploit OS Vulnerability

A malicious app can exploit unpatched vulnerabilities in the operating system to obtain escalated privileges.

T1405 Exploit TEE Vulnerability

A malicious app or other attack vector could be used to exploit vulnerabilities in code running within the Trusted Execution Environment (TEE) . The adversary could then obtain privileges held by the TEE potentially including the ability to access cryptographic keys or other sensitive data . Escalated operating system privileges may be first required in order to have the ability to attack the TEE . If not, privileges within the TEE can potentially be used to exploit the operating system .