Vulnerability Note VU#924951 - Android Stagefright contains multiple vulnerabilities
Stagefright is the Android service that handles MMS messaging. It generates previews of MMS messages prior to them being opened by the user in order to speed up display. It is fundamentally broken in security terms.
Basically, anyone can send a malicously crafted MMS message to an Android phone and own it. You dont need to open the message, you may not even realise it's arrived.
Google have patched it but until your phone provider issues an OTA update with the patches you are exposed.
Those with OnePlus One phones can manually download the latest nightly ROMS and flash the update for themselves to fix it. Otherwise they will appear in the August Stable Update to Cyanogen.
For any other phones, check with your provider for any manual updates you may be able to apply.
According to a Zimperium zLabs blog post, Android's Stagefright engine contains multiple vulnerabilities, including several integer overflows, allowing a remote attacker to access files or possibly execute code on the device. This vulnerability appears to affect all versions of Android from 2.2 (Froyo) and to Android 5.1.1_r5 (Lollipop). ZDNET reports that the feature that makes the vulnerability more severe "appears to be that to reduce video viewing lag time Stagefright automatically processes the video before you even think about watching it."
Basically, anyone can send a malicously crafted MMS message to an Android phone and own it. You dont need to open the message, you may not even realise it's arrived.
Google have patched it but until your phone provider issues an OTA update with the patches you are exposed.
Those with OnePlus One phones can manually download the latest nightly ROMS and flash the update for themselves to fix it. Otherwise they will appear in the August Stable Update to Cyanogen.
For any other phones, check with your provider for any manual updates you may be able to apply.
Comment