A new mobile exploit recently unveiled at the MobilePwn2Own panel at the PacSec conference this week enables an attacker to take control of any Android device via a Chrome link which unknowingly directs users to a malicious website.
“The impressive thing about Guang’s exploit is that it was one shot”, PacSec organiser Dragos Ruiu told Vulture South in remarks that were relayed by The Register.”Most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction.”
So what happens next?
Well, a representative from Google’s security team was naturally in attendance and he will reportedly head back to the mothership where the Android team will get busy working on a patch. As for Gong, he won a free trip to next year’s CanSecWest security conference and it’s also likely that he’ll get some cold hard cash in the form of a bug bounty reward from Google.