- Jul 22, 2014
- 2,525
- 1
- 23,394
- 3,488
More than 1 Billion Android devices are vulnerable to hackers once again – Thanks to newly disclosed two new Android Stagefright vulnerabilities.
Yes, Android Stagefright bug is Back…
…and this time, the flaw allows an attacker to hack Android smartphones just by tricking users into visiting a website that contains a malicious multimedia file, either MP3 or MP4.
In July, Joshua Drake, a Security researcher at Zimperium revealed the first Stagefright bug that allowed hackers to hijack Android smartphoneswith just a simple text message (exploit code).
How Stagefright Bug 2.0 Works
Both newly discovered vulnerabilities (CVE-2015-6602 and CVE-2015-3876) also reside in the Android Media Playback Engine called 'Stagefright' and affects all Android OS version from 1 to latest release 5.1.1.
Reportedly, merely previewing a maliciously crafted song or video file would execute theStagefright Bug 2.0 exploit, allowing hackers to run remote codes on the victim's Android device.
New Stagefright Attack Vectors
The Stagefright Bug 2.0 vulnerability can be triggered (attack vectors) by:
..more on the link above and on
Zimperium zLabs is Raising the Volume: New Vulnerability Processing MP3/MP4 Media.
Android security updates once a month? Are they kidding?
I think they all need a class action to get to an ASAP schedule...
Yes, Android Stagefright bug is Back…
…and this time, the flaw allows an attacker to hack Android smartphones just by tricking users into visiting a website that contains a malicious multimedia file, either MP3 or MP4.
In July, Joshua Drake, a Security researcher at Zimperium revealed the first Stagefright bug that allowed hackers to hijack Android smartphoneswith just a simple text message (exploit code).
How Stagefright Bug 2.0 Works
Both newly discovered vulnerabilities (CVE-2015-6602 and CVE-2015-3876) also reside in the Android Media Playback Engine called 'Stagefright' and affects all Android OS version from 1 to latest release 5.1.1.
Reportedly, merely previewing a maliciously crafted song or video file would execute theStagefright Bug 2.0 exploit, allowing hackers to run remote codes on the victim's Android device.
New Stagefright Attack Vectors
The Stagefright Bug 2.0 vulnerability can be triggered (attack vectors) by:
- Webpage
- Man-in-the-middle attack
- Third-party media player
- Instant messaging apps
..more on the link above and on
Zimperium zLabs is Raising the Volume: New Vulnerability Processing MP3/MP4 Media.
Android security updates once a month? Are they kidding?
I think they all need a class action to get to an ASAP schedule...
Last edited:
