334
submitted 2 months ago by Flax_vert@feddit.uk to c/selfhosted@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] GamingChairModel@lemmy.world 2 points 2 months ago

Android doesn't have su, which this proof of concept exploit requires. Although rooted Android does, so in theory malware written for rooted Android could escalate to root privileges.

Also, the underlying vulnerabilities might be exploitable without su but I don't fully understand the AF_ALG and authencesn bug limits things, or what other executables can escalate privileges.

[-] wewbull@feddit.uk 2 points 2 months ago

Don't need specifically SU by my understanding. Just any suid executable.

[-] GamingChairModel@lemmy.world 2 points 2 months ago

Ah yeah. Plus apparently Android's default SELinux configuration blocks this separately, as well.

this post was submitted on 30 Apr 2026
334 points (98.3% liked)

Selfhosted

60526 readers
1369 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS