Tuesday , December 12 2017 9:54 AM
Home / Vulnerabilities / Android Vulnerability / Stagefright Bug 2.0 One Billion Android Devices Vulnerable to Hacking

Stagefright Bug 2.0 One Billion Android Devices Vulnerable to Hacking

Stagefright Bug 2.0 One Billion Android Devices Vulnerable to Hacking 1 Stagefright Bug 2.0  One Billion Android Devices Vulnerable to Hacking

Stagefright 2.0, as it’s being dubbed by researchers from security firm Zimperium, is a set of two bugs that are triggered when processing specially designed MP3 audio or MP4 video files. The first flaw, which is found in the libutils library and is indexed as CVE-2015-6602, resides in every Android version since 1.0, which was released in 2008. The vulnerability can be exploited even on newer devices with beefed up defenses by exploiting a second vulnerability in libstagefright, a code library Android uses to process media files. Google still hasn’t issued a CVE index number for this second bug.

When combined, the flaws allow attackers to used booby-trapped audio or video files to execute malicious code on phones running Android 5.0 or later. Devices running 5.0 or earlier can be similarly exploited when they use the vulnerable function inside libutils, a condition that depends on what third-party apps are installed and what functionality came preloaded on the phone.

New Stagefright Attack Vectors

The Stagefright Bug 2.0 vulnerability can be triggered (attack vectors) by:
  • Webpage
  • Man-in-the-middle attack
  • Third-party media player
  • Instant messaging apps

 

About GOPU

Technology Enthusiast with a keen eye on the Cyber-security and other tech related developments.

Check Also

Don’t Fall For This Dangerously Convincing Ongoing Phishing Attack

Security researchers have discovered a new phishing campaign targeting Gmail users, which is so convincing …

Powered by themekiller.com anime4online.com animextoon.com apk4phone.com tengag.com moviekillers.com