The solution for Stagefright 2.0 vulnerability only reaches 5 October
<-.! .post-summary ->
newly discovered vulnerabilities in the way Android handles media files can allow attackers to compromise devices to fool users to visit malicious Web pages.
The faults in question could lead to remote code execution in almost all Android devices, starting with version 1.0 of the system (2008) to the latest 5.1. 1, say researchers Zimperium security company in an analysis published this week.
The flaws affect the way Android handles the metadata of MP3 files and MP4 and can be exploited when the system or another app that based on the Android media libraries open version “preview” (preview) of these files.
Researchers from Zimperium found similar failures in the multimedia processing a few months ago in Android library Call Stagefright, which could be exploited by simply sending a malicious MMS to Android devices.
These failures led to a coordinated effort of solutions from device manufacturers, the security chief engineer Android, Adrian Ludwig, called “the largest single software update in the world.” Also contributed to Google, Samsung and LG undertook the monthly security updates since.
Researchers from Zimperium call the new Stagefright 2.0 attack and believe affects more than a thousand million devices.
Like the previous attack vector using the MMS was closed in the latest versions of Google Hangouts and other apps messages, after the discovery of previous failures Stagefright, the simplest method to explore new vulnerabilities is through Web browsers, say researchers from Zimperium.
The attackers can trick users to visit sites that exploit the flaw through links in instant emails and messages or through malicious ads on legitimate sites.
The Zimperium informed Google about the flaws on 15 August and created a detection program but the solution for them will only be revealed to 5 October as part of the latest monthly security update of Android, said a representative of Google.
No comments:
Post a Comment