Exploit OS Vulnerability

A malicious app can exploit unpatched vulnerabilities in the operating system (kernel, vendor drivers, or privileged system services) to obtain escalated privileges, typically root on Android or kernel-level code execution on iOS. The technique depends on the device running an OS build in which the targeted bug has not yet been fixed, so the exploits bundled with the samples below are usually public, older ones.

ID: T1404
Sub-techniques: No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Privilege Escalation
Platforms: Android, iOS
MTC ID: APP-26
Version: 1.0
Created: 25 October 2017
Last Modified: 17 October 2018

Procedure Examples

Name Description
Agent Smith

Agent Smith exploits known OS vulnerabilities, including Janus (CVE-2017-13156), to replace legitimate applications with malicious versions.[1]

BrainTest

Some original variants of BrainTest had the capability to automatically root some devices, but that behavior was not observed in later samples.[2]

Dvmap

Dvmap attempts to gain root access by using local exploits.[3]

Exodus

Exodus Two attempts to elevate privileges by using a modified version of the Dirty COW (CVE-2016-5195) exploit.[4]

FinFisher

FinFisher comes packaged with ExynosAbuse (CVE-2012-6422), an Android exploit that can gain root privileges on affected Samsung Exynos devices.[5]

Gooligan

Gooligan executes Android root exploits.[6]

HummingBad

HummingBad can exploit unfixed vulnerabilities in older Android versions to root victim phones.[7]

INSOMNIA

INSOMNIA exploits a WebKit vulnerability to achieve root access on the device.[8]

Pegasus for Android

Pegasus for Android attempts to exploit well-known Android OS vulnerabilities to escalate privileges.[9]

Pegasus for iOS

Pegasus for iOS exploits iOS vulnerabilities to escalate privileges.[10]

ShiftyBug

ShiftyBug is packed with at least eight publicly available exploits that can perform rooting.[11]

Skygofree

Skygofree has the capability to exploit several known vulnerabilities and escalate privileges.[12]

SpyDealer

SpyDealer uses the commercial rooting app Baidu Easy Root to gain root privilege and maintain persistence on the victim.[13]

Zen

Zen can obtain root access via a rooting trojan in its infection chain.[14]

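The procedure examples above share a pattern: the exploit is shipped inside the app package itself, as a native binary, as strings and code paths from a public root exploit, or, in the Janus case, as a DEX file prepended to the APK. The scanner below is an added example written for this page, not MITRE's or any vendor's tooling. It opens an APK from bytes, flags ELF binaries stored outside `lib/`, matches a short list of assumed, illustrative indicator strings from the exploits named above, and detects the Janus-style hybrid (a file that starts with DEX magic yet is still a valid ZIP). The sample APK it builds is constructed inline so the block runs offline.

```python
"""Static check for bundled OS-exploit artifacts in an APK (added example)."""
import io
import zipfile
from dataclasses import dataclass
from typing import List

DEX_MAGIC = b"dex\n"
ELF_MAGIC = b"\x7fELF"

# Assumed, illustrative indicators of public Android root exploits and rooting
# toolkits. A real vetting pipeline would use a maintained signature set.
ROOT_EXPLOIT_INDICATORS = [
    b"/dev/exynos-mem",    # ExynosAbuse (CVE-2012-6422) device node
    b"dirtycow",           # Dirty COW (CVE-2016-5195) tooling
    b"/proc/self/mem",     # write path used by Dirty COW
    b"towelroot",          # Towelroot (CVE-2014-3153)
    b"Baidu Easy Root",    # commercial rooting app used by SpyDealer
    b"/system/xbin/su",    # common su install paths
    b"/system/bin/su",
]


@dataclass
class Finding:
    entry: str   # ZIP entry name, or "<file>" for whole-file findings
    reason: str


def scan_apk_bytes(data: bytes) -> List[Finding]:
    """Return vetting findings for an APK given as raw bytes."""
    findings: List[Finding] = []

    # Janus (CVE-2017-13156): an APK whose first bytes are a DEX header is
    # parsed as DEX by the runtime but as a ZIP by the v1 signature check.
    # Whether the device would accept it also depends on the signature
    # scheme in use; a DEX-prefixed APK is suspicious regardless.
    if data.startswith(DEX_MAGIC):
        findings.append(Finding("<file>", "Janus-style hybrid: file starts with "
                                          "DEX magic instead of a ZIP local header"))

    try:
        # zipfile tolerates prepended data by locating the end-of-central-
        # directory record and adjusting offsets, so hybrids still open.
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings.append(Finding("<file>", "not a valid ZIP/APK"))
        return findings

    for info in zf.infolist():
        if info.is_dir():
            continue
        name = info.filename
        payload = zf.read(name)

        # Native code belongs under lib/<abi>/*.so; an ELF in assets/ or
        # res/raw/ is the classic way a root exploit is bundled.
        if payload.startswith(ELF_MAGIC) and not (name.startswith("lib/") and name.endswith(".so")):
            findings.append(Finding(name, "ELF binary outside lib/*.so (possible bundled exploit)"))

        lowered = payload.lower()
        for indicator in ROOT_EXPLOIT_INDICATORS:
            if indicator.lower() in lowered:
                findings.append(Finding(name, f"root-exploit indicator {indicator!r}"))
    return findings


def build_sample_apk(janus: bool = False) -> bytes:
    """Construct a minimal APK-like ZIP with a bundled 'exploit' in assets/.

    Constructed test input, not a real malware sample.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", DEX_MAGIC + b"035\x00" + b"\x00" * 32)
        zf.writestr("lib/arm64-v8a/libnative.so", ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 16)
        zf.writestr("assets/payload.bin",
                    ELF_MAGIC + b"\x01\x01\x01" + b"\x00" * 8 + b"/dev/exynos-mem\x00")
    apk = buf.getvalue()
    if janus:
        # Prepend a fake DEX header to mimic the Janus hybrid layout.
        apk = DEX_MAGIC + b"035\x00" + b"\x00" * 60 + apk
    return apk


if __name__ == "__main__":
    for label, sample in (("plain", build_sample_apk()), ("janus", build_sample_apk(janus=True))):
        print(f"== {label} sample ==")
        for f in scan_apk_bytes(sample):
            print(f"  {f.entry}: {f.reason}")
```

Run it against a real APK with `scan_apk_bytes(open(path, "rb").read())`. The ELF-placement rule is deliberately conservative: legitimate apps do occasionally ship executables in assets, so treat it as a lead for manual review, not a verdict.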
Mitigations

Mitigation Description
Application Vetting

Application vetting may be able to identify the presence of exploit code within applications, for example native binaries or known exploit artifacts bundled in the app package.

Security Updates

Install OS security updates promptly. This technique relies on vulnerabilities that remain unpatched on the device, so a current security patch level removes most of the exploits the samples above carry.

Use Recent OS Version

Run a recent OS version. New releases ship fixes for known vulnerabilities and platform hardening that makes exploitation of not-yet-discovered bugs harder.
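The two patching mitigations are only as good as your ability to verify them across a fleet. The snippet below is an added example for this page (not MITRE's or any MDM vendor's code) that parses `adb shell getprop` output and checks the Android security patch level and API level against a policy. The `getprop` text is a constructed sample, not from a real device; the property names `ro.build.version.security_patch` and `ro.build.version.sdk` are real Android system properties. Devices older than Android 6 do not expose a patch level at all, and the check treats that as a failure rather than a pass.

```python
"""Check an Android device's patch level against policy (added example)."""
import re
import subprocess
from datetime import date
from typing import Dict, List

# Constructed sample of `adb shell getprop` output; not a real device.
SAMPLE_GETPROP = """\
[ro.build.version.release]: [8.1.0]
[ro.build.version.sdk]: [27]
[ro.build.version.security_patch]: [2018-06-05]
[ro.product.model]: [ExampleDevice]
"""

# getprop prints one "[name]: [value]" pair per line.
_PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(text: str) -> Dict[str, str]:
    """Turn getprop output into a dict; lines that do not match are ignored."""
    props: Dict[str, str] = {}
    for line in text.splitlines():
        m = _PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def evaluate_device(props: Dict[str, str], min_patch: str, min_sdk: int) -> List[str]:
    """Return a list of policy violations (empty list means compliant).

    min_patch is an ISO date string such as "2018-10-01".
    """
    problems: List[str] = []
    required = date.fromisoformat(min_patch)

    # Missing or unparsable patch level is a failure: pre-Android 6 builds
    # do not report one, and those are exactly the builds the root
    # exploits listed on this page target.
    raw_patch = props.get("ro.build.version.security_patch", "")
    try:
        patch = date.fromisoformat(raw_patch)
    except ValueError:
        patch = None
    if patch is None:
        problems.append("security patch level missing or unparsable")
    elif patch < required:
        problems.append(f"security patch level {patch} is older than required {required}")

    raw_sdk = props.get("ro.build.version.sdk", "")
    if not raw_sdk.isdigit():
        problems.append("API level missing")
    elif int(raw_sdk) < min_sdk:
        problems.append(f"API level {raw_sdk} is below required {min_sdk}")
    return problems


def check_connected_device(min_patch: str, min_sdk: int) -> List[str]:
    """Run the policy against the device currently attached over adb."""
    out = subprocess.run(["adb", "shell", "getprop"],
                         capture_output=True, text=True, check=True).stdout
    return evaluate_device(parse_getprop(out), min_patch, min_sdk)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    for violation in evaluate_device(parse_getprop(SAMPLE_GETPROP), "2018-10-01", 28):
        print("VIOLATION:", violation)
```

A patch level is a date string that vendors set themselves, so it only proves the build claims to contain fixes up to that month; it is still the right first-order check, and it is cheap to run at enrollment and on every check-in.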

References