There’s a new round of Stagefright vulnerabilities that allows attackers to execute malicious code on more than one billion phones running ancient as well as much more recent versions of Google’s Android operating system.
Advertisement
Newly discovered vulnerabilities in the way Android processes media files can allow attackers to compromise devices by tricking users into visiting maliciously crafted Web pages.
The security flaw carries numerous same features as the text message Stagefright bug that was discovered in July and was seen as the biggest hole in Android security ever reported. A new exploit was discovered and alerted to the public that hackers can use an exploit simply through the use of MP3 and MP4 embed file. This led Google and several of the Android smartphone manufacturers into a frenzy as they attempted to roll out a patch to secure consumer handsets from any attacks, but it seems we’re still far away from completely taking down the Stagefright bug. Out of the two, the first one affects all Android devices back to the first version of Android, while the second dependent vulnerability that was introduced in Android 5.0. However, it’s said that the malicious code could also be sent to a user by a hacker injecting the exploit into unencrypted network traffic if both the hacker and user are on the same wireless network.
A billion Android smartphones and tablets are at risk from a new bug that can infect devices when they preview audio or video files, a team of security experts have warned. The libutils library has been in Android since 1.0, so every device has this bug. However, since Android 6 is due to release next week as well, it’s possible that only 5.0 and 6.0 devices will receive updates.
One of the vulnerabilities which is found in the core Android library called libutils has been assigned CVE-2015-6602. Zimperium suggests that the web browser is the most likely medium of attack now.
3 party applications such as instant messengers, file sharing apps with media-playing capabilities and media players that use the same vulnerable library. While Google has a patch rolling out, companies like Samsung, HTC, Sony, Lenovo, LG, and Huawei will have to incorporate the code and push out their own updates, while Motorola said they will address these bugs with their upcoming Android M upgrades and maintenance releases for older devices.
Advertisement
Google representatives have said the new round of Stagefright bugs will be fixed in an update scheduled for release next week.
