Android users, beware of new Stagefright attacks

Victor Barreiro Jr.

The two vulnerabilities in Stagefright 2.0, which 'manifest when processing specially crafted MP3 audio or MP4 video files,' may affect 1.4 billion people

MANILA, Philippines – Mobile security research firm Zimperium zLabs on Thursday, October 1, discovered a new pair of vulnerabilities affecting Android devices, calling the new vulnerabilities Stagefright 2.0.

While the original Stagefright vulnerabilities discovered by Zimperium back in July related to attack code hidden inside multimedia texts, the two vulnerabilities in Stagefright 2.0 “manifest when processing specially crafted MP3 audio or MP4 video files.”

Attempting to preview a specially crafted song or video file would trigger the exploits, allowing an attacker to execute code remotely.

Whereas one of the vulnerabilities – assigned the Common Vulnerabilities and Exposures (CVE) number CVE-2015-6602 – reportedly affects Android devices running version 1.0 and above, the second, unnumbered vulnerability affects devices running 5.0 and above.

This second vulnerability may also affect third-party applications due to the issue being found within the libstagefright library used by some media players.

Zimperium informed Google of the two vulnerabilities on August 15, and a fix is supposed to come in the next Nexus Security Bulletin scheduled for next week. Phone manufacturers, however, will need to patch consumers’ phones accordingly through an update.

In a Motherboard report, Zuk Avraham, Zimperium zLabs’ founder and Chief Technology Officer, said that 1.4 billion people are likely affected by the vulnerabilities, explaining, “I cannot tell you that all of the phones are vulnerable, but most of them are.”

Joshua J. Drake, the researcher who discovered Stagefright and Stagefright 2.0, told Motherboard by email that “All Android devices without the yet-to-be-released patch contain this latent issue.”

Google’s latest Android operating system, Marshmallow, will reportedly carry the fix for the issue, though older devices that cannot be updated to Android Marshmallow may be left with the vulnerabilities unpatched. – Rappler.com

Android phone image from Shutterstock


Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.