Stagefright is undeniably the most talked about Android bug in the recent times. Discovered first in July by security researchers at Zimperium zLabs, Stagefright is a vulnerability that could be used to gain access to any Android device with a simple text.
Google acknowledged the bug and seeded the patch to manufacturers and carriers. Most major manufacturers rushed to patch their devices only to know that the bug still exists and then came another round of patches. Now, we are onto Stagefright again.
Zimperium security has now discovered the vulnerability again. According to areport at Motherboard, “the security researchers warns that two new Stagefright bugs can allow hackers to break into your phone by tricking you into visiting a website containing a malicious multimedia file, either mp3 or mp4.” The report adds, “These two new bugs were also found in the Android media playback engine called Stagefright, just like the first series of bugs disclosed in late July.”
Earlier this week at Google event, Google CEO Sundar Pichai claimed that Android now has 1.4 billion 30-day active devices and the researchers at Zimperium security believe that 1.4 billion people could be affected by these bugs. They have found that ‘almost every Android device’ released since 2008 could be affected by one of these vulnerability.
In a blog post, Joshua Drake, a security researcher at Zimperium zLabs, wrote “Merely previewing the song or video would trigger the issue.” Drake later explains that the hackers can even inject the exploit via public Wi-Fi and intercept the victim’s unencrypted network traffic.
A Google spokesperson has said that a patch for these new vulnerabilities will be rolled out to users of its Nexus phones on October 5. Motorola sent a Stagefright bug fix for its Moto X device this morning which patches these vulnerabilities. Its likely that other OEMs and carriers will follow-suit.
No comments:
Post a Comment