Summary

  • Meta X’s Red Team recently discovered a critical vulnerability (CVE-2024-31317) in Android’s Zygote process, which allows an attacker to execute code with system-wide privileges.
  • Android’s Zygote process, responsible for forking new applications and system processes, does not handle certain settings commands securely, allowing an attacker to inject malicious code into the system process.
  • Meta X demonstrated how the vulnerability can be exploited to escalate privileges from the shell user to the system user via ADB Shell, using ADB Shell's WRITE_SECURE_SETTINGS permission to modify the hidden_api_blacklist_exemptions setting.
  • The vulnerability can be mitigated on Android 12 or later by disabling the app visibility option, and on Android 11 or earlier by updating the platform.

By David de Villiers
