Exploit OS Vulnerability

A malicious app can exploit unpatched vulnerabilities in the operating system to obtain escalated privileges.

ID: T1404

Tactic Type: Post-Adversary Device Access

Tactic: Privilege Escalation

Platform: Android, iOS

MTC ID: APP-26

Version: 1.0

Mitigations

Mitigation Description
Application Vetting

Application vetting may be able to identify the presence of exploit code within applications.

Security Updates

Use Recent OS Version

Examples

Name Description
BrainTest

Some original variants of BrainTest had the capability to automatically root some devices, but that behavior was not observed in later samples.[1]

FinFisher

FinFisher comes packaged with ExynosAbuse, an Android exploit that can gain root privileges.[2]

Gooligan

Gooligan executes Android root exploits.[3]

HummingBad

HummingBad can exploit unfixed vulnerabilities in older Android versions to root victim phones.[4]

Pegasus for Android

Pegasus for Android attempts to exploit well-known Android OS vulnerabilities to escalate privileges.[5]

Pegasus for iOS

Pegasus for iOS exploits iOS vulnerabilities to escalate privileges.[6]

ShiftyBug

ShiftyBug is packed with at least eight publicly available exploits that can perform rooting.[7]

Skygofree

Skygofree has the capability to exploit several known vulnerabilities and escalate privileges.[8]

SpyDealer

SpyDealer uses the commercial rooting app Baidu Easy Root to gain root privilege and maintain persistence on the victim.[9]

References