(0Day) (Mobile Pwn2Own) Samsung Galaxy S5 MethodSpec Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable Samsung Galaxy S5s. Authentication is not required to exploit this vulnerability. The specific flaw exists within the com.absolute.android.persistence.MethodSpec Class. The createFromParcel() method performs dynamic class loading but does not restrict the source of the classes to be loaded. An attacker can craft a Parcelable object specifying arbitrary class files that will be loaded when the MethodSpec object is deserialized, resulting in remote code execution as the system user.