You thought Stagefright was just taking a bow? Surprise! It's an encore.

Subject: General Tech | October 1, 2015 - 12:44 PM |
Tagged: stagefright, security, Android

Assuming you have a carrier with a sense of responsibility and a reasonably modern phone the chances are you are patched against the original Stagefright vulnerability.  This is not the case for the recently reported vulnerabilities dubbed Stagefright 2.0.  If you open a specially and nefariously modified MP3 or MP4 file in Stagefright on Android 5.0+ it has been confirmed that those files can trigger remote code execution via libstagefright.  If you are on an older model then the vulnerability lies in libutils and can be used for the same purpose, gaining access to the data stored on your device.  From the security company reports that The Register has linked, it sounds like we can expect many repeat performances as the Stagefright library was poorly written and contains many mistakes; worse is the fact that it is not sandboxed in any way and has significantly higher access than an application for playing media files should ever have.

View Full Size

"Joshua Drake from the security outfit Zimperium zLabs introduced us to StageFright earlier this summer, and he is now back with a similar warning and a brace of problems, according to a post on the Kaspersky Threatpost news site."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Register

No comments posted yet.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.