You thought Stagefright was just taking a bow? Surprise! It's an encore.

Subject: General Tech | October 1, 2015 - 12:44 PM |
Tagged: stagefright, security, Android

Assuming you have a carrier with a sense of responsibility and a reasonably modern phone the chances are you are patched against the original Stagefright vulnerability.  This is not the case for the recently reported vulnerabilities dubbed Stagefright 2.0.  If you open a specially and nefariously modified MP3 or MP4 file in Stagefright on Android 5.0+ it has been confirmed that those files can trigger remote code execution via libstagefright.  If you are on an older model then the vulnerability lies in libutils and can be used for the same purpose, gaining access to the data stored on your device.  From the security company reports that The Register has linked, it sounds like we can expect many repeat performances as the Stagefright library was poorly written and contains many mistakes; worse is the fact that it is not sandboxed in any way and has significantly higher access than an application for playing media files should ever have.

stagefright-android.jpg

"Joshua Drake from the security outfit Zimperium zLabs introduced us to StageFright earlier this summer, and he is now back with a similar warning and a brace of problems, according to a post on the Kaspersky Threatpost news site."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Register

Bad Google! That is not how you patch

Subject: General Tech | August 14, 2015 - 12:56 PM |
Tagged: google, stagefright, Android, security

So it would seem that the patch which Google rolled out and carriers have been pushing OTA is not going to be the last that we hear of Stagefright as the patch is not all that effective.  Stagefright is a vulnerability present on all 950 million devices running Android 2.2 to 5.1 and allows certain MMS to be able to execute code on your mobile device.  The recently released patch does not completely ameliorate this vulnerability, an MMS can still cause the library to crash, most likely just preventing you from using the application but possibly allowing other attacks to occur. 

Also of note is the monthly Android patches that Google is providing to various phone manufacturers who are supposed to be pushing them out.  As many Android users will have noticed, up to and including the staff at The Register, you may not have seen the flawed patch yet, let alone the update for the patch.

stagefright03.jpg

"Google's security update to fix the Stagefright vulnerability in millions of Android smartphones is buggy – and a new patch is needed.

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Register

Stagefright not causing butterflies anymore

Subject: General Tech | July 29, 2015 - 01:02 PM |
Tagged: google, stagefright, security

The Stagefright media player vulnerability on Android powered Nexus devices which allowed the possibility of running remotely execute code via an MMS containing a specially crafted media file.  It made headlines everywhere even though it is incredibly unlikely the bug was ever used in an attack.  Regardless, you no longer need to worry as Google has crafted a patch and has released it to the carriers.  You should keep an eye out this week and next for the update and if you do not see it apply you should reach out to your carrier.  More at The Inquirer.

stagefright-100598752-primary.idge_.png

"GOOGLE HAS SAID THAT THE STAGEFRIGHT PROBLEM is well in hand, and that it rushed to sort out the Android OS jitters before anything bad happened."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer