Exploit OS Vulnerability

A malicious app can exploit unpatched vulnerabilities in the operating system to obtain escalated privileges.

ID: T1404

Tactic Type: Post-Adversary Device Access

Tactic: Privilege Escalation

Platform: Android, iOS

MTC ID: APP-26

Version: 1.0

Mitigations

| Mitigation | Description |
|---|---|
| Application Vetting | Application vetting may be able to identify the presence of exploit code within applications. |
| Security Updates | |
| Use Recent OS Version | |

Examples

| Name | Description |
|---|---|
| BrainTest | Some original variants of BrainTest had the capability to automatically root some devices, but that behavior was not observed in later samples.[1] |
| Gooligan | Gooligan executes Android root exploits.[2] |
| HummingBad | HummingBad can exploit unfixed vulnerabilities in older Android versions to root victim phones.[3] |
| Pegasus for Android | Pegasus for Android attempts to exploit well-known Android OS vulnerabilities to escalate privileges.[4] |
| Pegasus for iOS | Pegasus for iOS exploits iOS vulnerabilities to escalate privileges.[5] |
| ShiftyBug | ShiftyBug is packed with at least eight publicly available exploits that can perform rooting.[6] |
| Skygofree | Skygofree has the capability to exploit several known vulnerabilities and escalate privileges.[7] |
| SpyDealer | SpyDealer uses the commercial rooting app Baidu Easy Root to gain root privilege and maintain persistence on the victim.[8] |

References