POSTS

Untethered initroot (USENIX WOOT '17)
By Roee Hay,
30-Aug 2017
,
CVE-2016-10277
ALEPH-2017024
Nexus 9 vs. Malicious Headphones, Take Two
By Roee Hay,
13-Jun 2017
,
CVE-2017-0648
CVE-2017-0510
CVE-2017-0563
CVE-2017-0582
initroot: Hello Moto
By Roee Hay,
07-Jun 2017
,
CVE-2016-10277
initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection
By Roee Hay,
23-May 2017
,
CVE-2016-10277
CVE-2017-1000363
OnePlus OTAs: Analysis & Exploitation
By Roee Hay,
11-May 2017
,
CVE-2017-5948
CVE-2017-8850
CVE-2017-8851
CVE-2016-10370
Owning OnePlus 3/3T with a Malicious Charger: The Last Piece of the Puzzle
By Roee Hay,
26-Mar 2017
,
CVE-2017-5622
CVE-2017-5626
CVE-2017-5624
Attacking Nexus 9 with Malicious Headphones
By Roee Hay,
08-Mar 2017
,
CVE-2017-0510
CVE-2017-0563
CVE-2017-0582
Owning a Locked OnePlus 3/3T: Bootloader Vulns
By Roee Hay,
08-Feb 2017
,
CVE-2017-5626
CVE-2017-5624
Attacking Nexus 6/6P Custom Boot Modes
By Roee Hay & Michael Goberman,
05-Jan 2017
,
CVE-2016-8467
CVE-2016-6678

VULNS

08/30/17

ALEPH-2017024
Motorola Android Bootloader Unlocking a Re-locked Bootloader from Platform OS
08/01/17

CVE-2017-11105
OnePlus 2 Lack of SBL1 Validation Broken Secure Boot
06/13/17

CVE-2017-0648
Google Nexus 9 Ephemeral Access to Unrestricted FIQ Debugger and SysRq
05/25/17

ALEPH-2017017
Apple iOS/watchOS/tvOS IOKit Buffer Overflow in Device-Tree Parsing
05/23/17

CVE-2017-1000363
Linux lp.c Out-of-Bounds Write via Kernel Command-line
05/23/17

CVE-2016-10277
Motorola Android Bootloader Kernel Cmdline Injection Secure Boot Bypass
05/11/17

CVE-2016-10370
OnePlus OTA Lack of TLS Vulnerability
05/11/17

CVE-2017-8851
OnePlus OTA One/X Crossover Vulnerability
05/11/17

CVE-2017-8850
OnePlus OTA OxygenOS/HydrogenOS Crossover Vulnerability
05/11/17

CVE-2017-5948
OnePlus OTA Downgrade Vulnerability
05/04/17

CVE-2017-0582
Google Nexus 9 SensorHub Firmware Downgrade Vulnerability
05/03/17

CVE-2017-0563
Google Nexus 9 Cypress SAR Firmware Injection via I2C
04/25/17

CVE-2017-5625
OnePlus 3/3T OxygenOS Unauthorized Flash Dumping via fastboot
03/28/17

CVE-2017-2436
macOS IOFireWireAVC Kernel Extension Out of Bounds Vulnerability
03/26/17

CVE-2017-5622
OnePlus 3/3T OxygenOS Charger Boot Mode ADB Access
03/19/17

CVE-2017-5623
OnePlus 3/3T OxygenOS Unauthorized Boot Mode Changing
03/08/17

CVE-2017-0510
Google Nexus 9 Unauthorized Access to FIQ Debugger
02/08/17

CVE-2017-5626
OnePlus 3/3T OxygenOS 4F500301 Bootloader Locking Bypass
02/08/17

CVE-2017-5624
OnePlus 3/3T OxygenOS dm-verity Security Bypass
02/06/17

CVE-2017-0433
Google Nexus Synaptics Touchscreen Firmware Injection
01/27/17

CVE-2017-3160
Cordova-Android MiTM Remote Code Execution
01/11/17

CVE-2017-5554
OnePlus 3/3T OxygenOS SELinux Security Bypass
01/05/17

CVE-2016-8467
Google Nexus 6/6P Custom Boot Modes USB Configs Override