David de Villiers
David works as a cybersecurity consultant with a focus on securing web and mobile applications, as well as AI-centric systems. He has a background in Computer Engineering (BEng) and holds an MSc in Machine Learning and Artificial Intelligence. Outside of work, he enjoys doing triathlons and creating educational content around cybersecurity and AI.
Session
Android’s Zygote process is responsible for spawning every application on a device, making it one of the most sensitive targets in the mobile ecosystem. The Zygote Injection vulnerability (CVE-2024-31317), discovered by researchers at Meta, is a flaw in the Zygote process that lets attackers inject arbitrary arguments, making it possible to launch apps with elevated privileges, run them as debuggable apps, or spawn interactive system-level shells.
While this issue has been mitigated in newer Android versions, it remains highly relevant in the wild. Devices such as POS machines, kiosks, and other embedded Android systems often operate on outdated versions of Android, leaving them vulnerable.
This talk walks through how Zygote Injection works, explores its modern exploitation potential, and introduces open-source tooling we have developed to automate the attack chain. Attendees will walk away with both practical knowledge and a hands-on toolkit to test Android systems still vulnerable in 2025.
