A security weakness in versions of the Android mobile operating system below 5.0, which puts potentially every Android device at risk of privilege escalation attacks, has been patched in Android 5.0 Lollipop.
A technical description of the bug has been provided by Jann Horn, the security researcher who discovered the flaw. He says that apps can communicate with system_service, which runs with admin privileges (UID 1000), using Intents with attached Bundles; these “are transferred as arraymap Parcels and arraymap Parcels can contain serialized data. This means that any app can attack the system_service this way.”
To explain the issue, the security researcher has provided technical details and developed a proof-of-concept (PoC) that crashes system_service. So far, a full exploit of the bug has not been created, and Horn is not entirely sure how predictable the address layout of system_server really is or how easy it is to write a large amount of data into system_server’s heap. However, to exploit this vulnerability on a vulnerable device, one needs to get a malicious app onto the target device.
Android 5.0 Lollipop is the latest mobile operating system from Google, which describes Lollipop as “the largest Android release yet,” with more than 5,000 new APIs. But users of Lollipop are warning others not to upgrade their mobile OS immediately, after experiencing broken apps, repeated crashes, and device slowdowns.