1Likes
LinkBack URL
About LinkBacks
Over 1 billion Android devices vulnerable to Stagefright 2.0
At the recent Nexus event, Google CEO Sunday Pichai said that there were over 1.4 billion users of Android. With such a large base of users, it makes for the lucrative platform to exploit vulnerabilities. According to mobile security company Zimperium Mobile Threat Protection, Joshua J Drake continued researching media processing in the Android operating system.
According to a post on the Zimperium Mobile Security blog, there are a set of two vulnerabilities that manifest when processing specially crafted MP3 and MP4 video files. The vulnerability (in the libutils function of the Android OS) around MP3 files could impact almost every Android device according to Zimperium. The post adds that the user base for this vulnerability is since version 1.0 released in 2008.
Zimperium claims to have found methods to trigger that vulnerability in Android devices that run version 5.0 and higher by using the second vulnerability (in the libstagefright function of Android OS).
After studying the vulnerability, Zimperium says that remote code execution is possible via libstagefright in Android versions 5.0 and higher. What this means is a rogue developer could use this vulnerability to run code on your device from a remote location. Effectively, the developer could steal sensitive information, alter files on your device or do any of a wide range of activities since access to your device has been opened up by way of a glaring vulnerability.
What’s alarming is this vulnerability goes all the way down to version 1.0 of Android! If the libutils function is used in Android, then even older devices could be impacted by this vulnerability. This includes the use of third party apps, vendor or carrier functionality pre-loaded on an Android phone.
The Stagefright vulnerability is said to be the biggest Android security problem for years now. The exploit leaves almost 95 percent of all Android users susceptible to attacks. Just a month ago, we read how Google and Samsung were working together to deal with Stagefright.
The Stagefright bug lets attacker remotely execute code using multimedia text messages, and in most cases the users doen’t even see the message.
Torrent Invites! Buy, Trade, Sell Or Find Free Invites, For EVERY Private Tracker! HDBits.org, BTN, PTP, MTV, Empornium, Orpheus, Bibliotik, RED, IPT, TL, PHD etc!
Results 1 to 1 of 1
-
10-02-2015 #1iLLuSioNist
- Reputation Points
- 77147
- Reputation Power
- 100
- Join Date
- Aug 2015
- Posts
- 4,744
- Time Online
- 204 d 20 h 52 m
- Avg. Time Online
- 1 h 33 m
- Mentioned
- 969 Post(s)
- Quoted
- 453 Post(s)
- Liked
- 4014 times
- Feedbacks
- 170 (100%)
Over 1 billion Android devices vulnerable to Stagefright 2.0
whiteLight likes this.DGM Says ! Be Busy Be Happy TI'ian. !
Reply With QuoteTags for this Thread
android,
apple,
applications,
apps,
code,
free applications,
free software,
have,
i phone,
ios,
iphone,
iphone 4,
iphone 5,
jailbreaking,
mobile,
mp3,
mp4,
problem,
video
