OPPO Amber Lab

Jul 1, 2024 · Information Security

Exploiting LazyValue: How Use‑After‑Recycled Bugs Leak Android Parcel Data

This article analyzes a class of historical Android Parcelable vulnerabilities, explains the LazyValue mechanism and its use‑after‑recycled issue, demonstrates how negative length fields can rewind parcel pointers, and outlines exploitation steps and patch locations.