OS-MOBILE -- Snort has detected traffic targeting vulnerabilities in a mobile-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself.
OS-MOBILE Android Binder use after free exploit attempt
This rule searches for binary strings that indicate a file download attempt for CVE-2019-2215 exploit code.
What To Look For
This rule detects a file download attempt for CVE-2019-2215 exploit code.
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
Tactic: Privilege Escalation
Technique: Exploitation for Privilege Escalation
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2019-2215
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.
Product: Android
Android ID: A-141720095
Ease of Access: LOW