logoalt Hacker News

0x1ceb00dalast Monday at 6:47 AM3 repliesview on HN

Does that mean any android app can use ndk native code execution to become root? Does selinux help here?


Replies

goodburblast Monday at 7:08 AM

Considering that it's rare to get kernel (or any) updates on non-flagship phones, it seems likely.

Backporting an old kernel should be possible, but the only indicator is the system update changelog that explicitly mentions it, I rarely see CVEs mentioned in changelogs on any smartphone. A tool to test the vulnerability is the only way.

Any compromised app on the Play store or external can get root access instantly, but we can still rely on trust and audits when installing apps which should always be the rule.

I suspect that this will be added to all Google Play integrity levels, limiting many apps from being installed on unpatched phones in the future.

That's not the case with browsers with random sites and ads which is hardly avoidable, having any sandbox escape is now more severe considering that it bypasses the app container. It's similar to JailbreakMe on iOS [0]

[0] https://en.wikipedia.org/wiki/JailbreakMe

show 2 replies
jeroenhdlast Monday at 7:37 AM

selinux doesn't help when the kernel itself has been compromized like this. Sandboxes from Android and containerisation tools like Docker do not protect you against this exploit. The only feasible method of restriction is full virtualisation (assuming that if you use KVM, last week's CVE-2026-53359 patches are rolled out everywhere).

Any app that can run native code execution on any version of Linux in the past fifteen years can get root until kernel updates arrive on your devices.