Google patches another ‘high severity’ bug in Android
Stagefright was one of the biggest and most worrying security vulnerabilities to be discovered in Android for quite some time. “Devices with customised versions of Android but with no modification made to the media server component are also affected”. Even though the distribution of updates in the Android ecosystem has shown some improvements lately, there will likely be many devices that will not be patched because they are no longer supported.
The latest vulnerability, designated as CVE-2015-3842, involves the AudioEffect component of the Android mediaserver program.
Therefore it is possible to craft a rogue application without any special permissions that could exploit the flaw to trigger a heap overflow, the Trend Micro researchers said Monday in a blog post. Despite this, and the fact that Google has issued a patch, millions of handsets remain vulnerable not only to Stagefright, but also to the more recent AudioEffect exploit. The flaw, which was originally discovered by Zimperium zLabs security researcher Joshua Drake, reportedly allows hackers to take control of certain features on unpatched Android devices remotely, by injecting malicious code through a multimedia file sent via an MMS (Multimedia Messaging Service), thereby compromising the device.
This attack can be fully controlled, which means a malicious app can decide when to start the attack and also when to stop. “Currently, there are no known active attacks against this vulnerability”, the company added. An attacker would be able to run their code with the same permissions that mediaserver already has as part of its normal routines. Google, carriers, and OEMs were quick to roll out the patch, but unfortunately, it seems it does not actually fix the problem. Following the Stagefright revelation last month, Google, Samsung and LG announced they would begin providing security updates for their Android devices about once a month.
In a talk at the Black Hat security conference on August 5, Android’s lead security engineer, Adrian Ludwig, referred to the Stagefright patching effort as the “single largest unified software update in the world”.