Wednesday , June 28 2017 7:35 AM
Home / Vulnerabilities / Android Vulnerability / Stagefright Bug 2.0 One Billion Android Devices Vulnerable to Hacking

Stagefright Bug 2.0 One Billion Android Devices Vulnerable to Hacking

Stagefright Bug 2.0 One Billion Android Devices Vulnerable to Hacking 1 Stagefright Bug 2.0  One Billion Android Devices Vulnerable to Hacking

Stagefright 2.0, as it’s being dubbed by researchers from security firm Zimperium, is a set of two bugs that are triggered when processing specially designed MP3 audio or MP4 video files. The first flaw, which is found in the libutils library and is indexed as CVE-2015-6602, resides in every Android version since 1.0, which was released in 2008. The vulnerability can be exploited even on newer devices with beefed up defenses by exploiting a second vulnerability in libstagefright, a code library Android uses to process media files. Google still hasn’t issued a CVE index number for this second bug.

When combined, the flaws allow attackers to used booby-trapped audio or video files to execute malicious code on phones running Android 5.0 or later. Devices running 5.0 or earlier can be similarly exploited when they use the vulnerable function inside libutils, a condition that depends on what third-party apps are installed and what functionality came preloaded on the phone.

New Stagefright Attack Vectors

The Stagefright Bug 2.0 vulnerability can be triggered (attack vectors) by:
  • Webpage
  • Man-in-the-middle attack
  • Third-party media player
  • Instant messaging apps

 

About GOPU

Technology Enthusiast with a keen eye on the Cyber-security and other tech related developments.

Check Also

Critical PHPMailer Flaw leaves Millions of Websites Vulnerable to Remote Exploit

A critical vulnerability has been discovered in PHPMailer, which is one of the most popular …

Powered by themekiller.com anime4online.com animextoon.com apk4phone.com tengag.com moviekillers.com