THREAT OPS › Threat News › A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
<p>With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the <code class="language-plaintext highlighter-rouge">mediacodec</code> context. <a href="https://source.android.com/docs/core/media/framework-hardening?authuser=1#mediacodecservice_changes">As per the AOSP documen
Attributed threat actors
- Earth LuscaG1006
MITRE ATT&CK techniques
- CredentialsT1589.001
Indicators of compromise
- 3Ka22KKy2AHi61SM87RCBmMPNnQsMxKbtc
- 13Swx3io53CY6AnpJ9szTzVknmqKeuEJbtc
- 3yEQ3WUfXe6R2eCTVukSUeEQXfUbtc
- 3QCWYWGcD88QVBZjCAvtN5UjvYvNATZ1btc
- 3RdmKDtD9tMYGUDUHeBNTN8f6twGbtc
- 3daHRWCwWjUYjETAcEmaorupmaR5oZbtc
- 1pbeqxMt4XuNZo2vf7GqDxbkF1cvHbLph3Hbtc
- 3RAJmNJwNEQDcmAewwCWTQ7kwgswkUNoGibtc
- 1V34UWfueH3q9SbBzebUyRqACxNVbtc
- 3tYP97a8vwwmz3y2WPmv5eqvF8ubtc
- 3urK3cbkbmNydjqytzCZW5jMH133v2Myvncbtc
- 3BLroXcMGjSLHTWKXXRK3fXLvAxLvY3Lbtc
- 1UGRvQmhbemRrYnuTbKvGsjHQuDnfNjbtc
- 1v97Q3Wi2KopzDJUu5V1r2wJ7Hz7btc
- 1AFejiChKCcGGGRZ5gh3kaocMgSbtc
- 1u9jaExrKaiq87E9TVEhazsCQksTFbtc
- 3122qBBUMBLL72UhMQwAJoAAjEYTz31FNbtc
- 3DSav9a2dM65XnvT5hw5cWXPnjHXXfd3Lbtc
- 3XbpXFN2Lxbn1rvtsmMNSZrMKwbbtc
- https://source.android.com/docs/core/media/framework-hardening?authuser=1#mediacodecservice_changesurl
- https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.htmlurl
- https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.htmlurl
- https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.htmlurl
- https://project-zero.issues.chromium.org/issues/380081941url
- https://project-zero.issues.chromium.org/issues/42451599url
- https://project-zero.issues.chromium.org/issues/389724938url
- https://project-zero.issues.chromium.org/u/1/issues/425917200url
- https://project-zero.issues.chromium.org/u/1/issues/426548270url
- https://project-zero.issues.chromium.org/issues/426567975url
- https://googleprojectzero.blogspot.com/2025/11/defeating-kaslr-by-doing-nothing-at-all.htmlurl
- https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html#:~:text=Stabilizing%20The%20Arbitrary%20Writeurl
Original source: https://projectzero.google/2026/01/pixel-0-click-part-2.html