The Android back to being under fire. After a few days of being known a serious security flaw that can be easily exploited, and the attacker only needs to know the mobile number, has now discovered a new flaw that allows can leave a terminal inoperable.
While the baptized vulnerability Stagefright affected 95% of all Android with version between 2.2 and 5.1, this new vulnerability only affects devices with Android 4.3 and higher (corresponding to about 56.8%).
According to researchers from Trend Micro, this new vulnerability (which still has no name) is associated with Android MediaServer and can be exploited in two ways.
The first is by installing a malicious application on the device that you want attack containing an altered MKV file. The second way is by going to a malicious site that has also an MKV embedded with malicious code.
Then, when the MediaServer tries to process the media files malicious MKV, the system becomes unstable and may even collapse (not responding to any action), forcing the user to reboot the system.
The vulnerability is Caused by an integer overflow When the MediaServer service parses an MKV file. It reads out of buffer memory or writes data to address NULL When parsing audio data
So far there is no information from Google regarding this vulnerability.
Via TrendMicro
No comments:
Post a Comment