Re: [Full-disclosure] An April Fools' Day Android Payload



Hendrik,

Well, they know about it now. ;-)

I figured it was appropriate for April Fools' Day in keeping with the
spirit of mischief. I wouldn't worry too much about seeing exploitation
of what amounts to a local DoS vulnerability that requires a compromised
browser session to exploit. It would be sort of silly to go through the
effort to own someone's phone with the end goal of being a minor
inconvenience to them.

And sorry about the bad formatting on the original post, seems my text
editor, email client, and this mailing list just didn't get along this
time. Clean version at:
http://vulnfactory.org/exploits/aprilfools.S

Regards,
Dan

On 04/02/2012 04:42 AM, ZeroDay.JP wrote:
Mr. Rosenberg,

I understand the PoC you coded and its affect to APT.
But for the April's fool connection, I just don't get it :-)

Does Google know it yet?

regards,

---
ZeroDay Japan http://0day.jp
Hendrik ADRIAN /アドリアン・ヘンドリック
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages