Thursday, October 1, 2015

Stagefright 2.0: The Android back to being under fire – Pplware

More 1400 million vulnerable Androids devices

Android is the mobile operating system world’s most popular. About 80% of smartphones running Android and hence this is a also operating more “desirable” mobile systems to explore, in that regard to safety.

After discovering a first vulnerability in Stagefright library Android , has now discovered a second vulnerability in the same library and jeopardizes more than 1,400 million devices around the world

Android_00


According to the security company Zimperium zLabs, a new vulnerability was detected in the Android OS, which affects more than 1.4000 million devices worldwide.

This vulnerability (which in practice are two bugs), already christened the Stagefright 2.0 can be easily explored with a simple “preview” of a previously modified MP3 or MP4 file and which will complement all commands in the system.

Meet Stagefright 2.0, the set of two vulnerabilities que manifest When processing specially crafted MP3 audio or MP4 video files. The first vulnerability (in libutils) impacts almost every Android device since version 1.0 released in 2008. We found methods to trigger que vulnerability in devices running version 5.0 and up using the second vulnerability (in libstagefright). Google assigned CVE-2015-6602 vulnerability in to libutils. We plan to share CVE information for the second vulnerability as soon as it is available.

 stagefright-2.0

How can it be attacked?

The vulnerability lies in the processing of metadata associated with the MP3 / MP4 files modified. Basically the attacker will try to convince the user to visit a particular site (which is controlled by the attacker himself) and download an infected file (which can also reach by e-mail).

User After performing the same or simply to preview, are triggered a series of actions that compromise the system.

Google is already aware of this vulnerability and according to information Zimperium the company of research was notified on 15 August.

Source: Zimperium zLabs via Motherboard

LikeTweet

No comments:

Post a Comment