• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

  • You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
  • You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
  • If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Previously on "Got an Android Phone? Be afraid, be very afraid. Stagefright is here."

Collapse

  • DimPrawn
    replied
    Damn them useless developers at Micro$haft!

    Oh hang on....

    Leave a comment:


  • Got an Android Phone? Be afraid, be very afraid. Stagefright is here.

    Vulnerability Note VU#924951 - Android Stagefright contains multiple vulnerabilities

    According to a Zimperium zLabs blog post, Android's Stagefright engine contains multiple vulnerabilities, including several integer overflows, allowing a remote attacker to access files or possibly execute code on the device. This vulnerability appears to affect all versions of Android from 2.2 (Froyo) and to Android 5.1.1_r5 (Lollipop). ZDNET reports that the feature that makes the vulnerability more severe "appears to be that to reduce video viewing lag time Stagefright automatically processes the video before you even think about watching it."
    Stagefright is the Android service that handles MMS messaging. It generates previews of MMS messages prior to them being opened by the user in order to speed up display. It is fundamentally broken in security terms.
    Basically, anyone can send a malicously crafted MMS message to an Android phone and own it. You dont need to open the message, you may not even realise it's arrived.

    Google have patched it but until your phone provider issues an OTA update with the patches you are exposed.

    Those with OnePlus One phones can manually download the latest nightly ROMS and flash the update for themselves to fix it. Otherwise they will appear in the August Stable Update to Cyanogen.

    For any other phones, check with your provider for any manual updates you may be able to apply.
    Last edited by DaveB; 29 July 2015, 14:43.

Working...
X