You thought Stagefright was just taking a bow? Surprise! It's an encore.
Subject: General Tech | October 1, 2015 - 12:44 PM | Jeremy Hellstrom
Tagged: stagefright, security, Android
Assuming you have a carrier with a sense of responsibility and a reasonably modern phone the chances are you are patched against the original Stagefright vulnerability. This is not the case for the recently reported vulnerabilities dubbed Stagefright 2.0. If you open a specially and nefariously modified MP3 or MP4 file in Stagefright on Android 5.0+ it has been confirmed that those files can trigger remote code execution via libstagefright. If you are on an older model then the vulnerability lies in libutils and can be used for the same purpose, gaining access to the data stored on your device. From the security company reports that The Register has linked, it sounds like we can expect many repeat performances as the Stagefright library was poorly written and contains many mistakes; worse is the fact that it is not sandboxed in any way and has significantly higher access than an application for playing media files should ever have.
"Joshua Drake from the security outfit Zimperium zLabs introduced us to StageFright earlier this summer, and he is now back with a similar warning and a brace of problems, according to a post on the Kaspersky Threatpost news site."
Here is some more Tech News from around the web:
- Microsoft rolls out Skype Translator to Windows desktop app @ The Inquirer
- Windows 10's second month sees sluggish growth in market share @ The Inquirer
- Weird garbled Windows 7 update baffles world – now Microsoft reveals the truth @ The Register
- Tear teardown down, roars Apple: iFixit app yanked from store @ The Register
- Acer: We're not laying off staff, just shifting 'em out of the PC biz @ The Register
- Tenda AC15 AC1900 Dual-Band WiFi Router @ Benchmark Reviews