Mobile Security8 July 2026
Pixel 9 0-Click Chain, Part 2: A Codec Bug Reaches the Kernel via /dev/bigwave
Google Project Zero's second installment shows how a sandboxed mediacodec foothold on a Pixel 9 became full kernel read/write through a use-after-free in the BigWave AV1 decoder driver.
androidpixelkernel-exploit