Explore a groundbreaking security research presentation that unveils a novel attack vector targeting mobile applications through mini-apps within super-app ecosystems. Discover how researchers from ByteDance's IES Red Team identified critical vulnerabilities in the sandbox environments of 11 popular super-apps, demonstrating methods for sandbox escaping and privilege escalation that can lead to remote code execution and account hijacking. Learn about the adaptation of JavaScript prototype pollution techniques specifically for mini-app frameworks, enabling attackers to tamper with environment logic, invoke privileged APIs, inject parameters, and access sensitive data. Understand the significant security implications of these findings, which affected 9 different super-apps with over 10 billion downloads combined, and gain insights into this newly exposed remote attack surface for mobile applications that poses serious risks to billions of users' privacy and security.