Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Google Play Protect has limited capabilities to protect against in-the-wild exploits of the kind Maddie described. It knows about certain packaged implementations, which means that it can offer some defense from off-the-shelf uses of an exploit, but it definitely does not reduce the risk to anywhere near zero. The only correct way to mitigate against exploits like this is a patch, end of story.


Absolutely, but like I mentioned in the prior post, these are local privescs. You basically need to go out and install malicious apps.

If you can use Windows without it getting full of malware, you can handle unpatched Android LPEs too.

Keep in mind, Webview, browsers, email clients, etc are patched via app update mechanisms.


GPU bugs are particularly concerning because they have significant power (the GPU can often map all of physical memory if convinced to do so) and widely exposed (lots of things need graphics). Turning one of these into a full chain can often require zero bugs if the buggy API is callable from JavaScript, or one to escape the VM and poke the driver.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: