The organizer of PacSec Dragos Ruiu explained to Vulture South, “The impressive thing is that the exploit Guang works in one shot: most people these days have to exploit several vulnerabilities to gain privileged access to software without interaction”.
PC Mag noted that from the time when Google was notified of the bug during the conference, some corrections are probably coming in and those who would take advantage of this exploit will not be able to do so. And since Guang Gong has not fully disclosed the details to the public, it may be qualified to receive an award under the program bug bounty Google , which pays rewards of up to $ 15,000 for those shows or solves problems of Chrome.
Last month were found two new vulnerabilities Stagefright , putting billions of users with devices running on Android versions also dating back to the distant 2008 at risk. Stagefright 2.0 can affect devices running versions of Android Lollipop (5.0 to 5.1.1) through remote code execution, Zimperium said in a report, and can be exploited via a web browser. Zimperium informed Google of these defects on August 15 and October 5, and Google has released new patches promptly.