Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore a critical Android security vulnerability in this DEF CON 33 conference talk that demonstrates how the supposedly patched LaunchAnywhere vulnerability can still be exploited. Learn about the BadResolve technique, a new exploitation method that bypasses Google's and device vendors' destination component checks, allowing zero-permission applications to invoke protected activities with system-level privileges. Discover how this vulnerability affects all Android versions, including Android 16, and understand the security implications of these persistent weaknesses. Examine the speaker's methodology for identifying exploitable methods in both AOSP and vendor-specific closed-source implementations using LLM Agents and MCP (Model Context Protocol). Gain insights into the evolution of Android security patches and why current defenses remain insufficient against sophisticated attack vectors. Understand the real-world impact of these vulnerabilities, which have been actively exploited in the wild and confirmed by Google, leading to new security patches.
