Slashdot Mirror


Maliciously Crafted MKV Video Files Can Be Used To Crash Android Phones

itwbennett writes: Just days after publication of a flaw in Android's Stagefright, which could allow attackers to compromise devices with a simple MMS message, researchers have found another Android media processing flaw. The latest vulnerability is located in Android's mediaserver component, more specifically in how the service handles files that use the Matroska video container (MKV), Trend Micro researchers said. "When the process opens a malformed MKV file, the service may crash (and with it, the rest of the operating system). The vulnerability is caused by an integer overflow when the mediaserver service parses an MKV file. It reads memory out of buffer or writes data to NULL address when parsing audio data."
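The Trend Micro description above comes down to a length field inside the container being trusted in arithmetic that can wrap, so that a bounds check passes and the parser then reads past its buffer. As an added illustration that is not Android's mediaserver code and not the real Matroska format (just a constructed toy element made of a 4-byte big-endian payload length followed by the payload), the C below puts a bounds check that can wrap beside one that cannot, and runs both over a well-formed and a malformed sample element:

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Constructed illustration of the bug class in the story: an element with a
 * declared payload length whose bounds check is done in 32-bit arithmetic
 * that can wrap past zero. Toy layout: 4-byte big-endian length, then payload.
 */

#define HDR_LEN 4u

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/*
 * Weak check: offset + HDR_LEN + len is computed in uint32_t and can wrap,
 * so a huge declared length yields a small "end" that passes the comparison.
 * Returns 1 if the element would be accepted for parsing, 0 otherwise.
 */
int element_accepted_weak(const uint8_t *buf, uint32_t buflen, uint32_t offset) {
    if (offset + HDR_LEN > buflen) return 0;
    uint32_t len = read_be32(buf + offset);
    uint32_t end = offset + HDR_LEN + len;   /* may wrap around to a small value */
    return end <= buflen;
}

/*
 * Hardened check: compare the declared length against the space actually
 * left after the header. Only subtractions on values already known to be
 * ordered are performed, so nothing can wrap.
 */
int element_accepted_safe(const uint8_t *buf, uint32_t buflen, uint32_t offset) {
    if (offset > buflen || buflen - offset < HDR_LEN) return 0;
    uint32_t len = read_be32(buf + offset);
    uint32_t remaining = buflen - offset - HDR_LEN;
    return len <= remaining;
}

/* Sum of the payload bytes, reached only through the hardened check; -1 on reject. */
long element_payload_sum(const uint8_t *buf, uint32_t buflen, uint32_t offset) {
    if (!element_accepted_safe(buf, buflen, offset)) return -1;
    uint32_t len = read_be32(buf + offset);
    long sum = 0;
    for (uint32_t i = 0; i < len; i++) sum += buf[offset + HDR_LEN + i];
    return sum;
}

/* Constructed sample inputs (not taken from any real file). */
/* Well-formed: declared length 4, payload 01 02 03 04. */
const uint8_t GOOD_ELEMENT[] = { 0x00, 0x00, 0x00, 0x04, 0x01, 0x02, 0x03, 0x04 };
/* Malformed: declared length 0xFFFFFFFC, so 0 + 4 + 0xFFFFFFFC wraps to 0. */
const uint8_t BAD_ELEMENT[]  = { 0xFF, 0xFF, 0xFF, 0xFC, 0x01, 0x02, 0x03, 0x04 };

int main(void) {
    printf("good: weak=%d safe=%d sum=%ld\n",
           element_accepted_weak(GOOD_ELEMENT, sizeof GOOD_ELEMENT, 0),
           element_accepted_safe(GOOD_ELEMENT, sizeof GOOD_ELEMENT, 0),
           element_payload_sum(GOOD_ELEMENT, sizeof GOOD_ELEMENT, 0));
    printf("bad:  weak=%d safe=%d sum=%ld\n",
           element_accepted_weak(BAD_ELEMENT, sizeof BAD_ELEMENT, 0),
           element_accepted_safe(BAD_ELEMENT, sizeof BAD_ELEMENT, 0),
           element_payload_sum(BAD_ELEMENT, sizeof BAD_ELEMENT, 0));
    return 0;
}
```

The weak check accepts the malformed element because the 32-bit sum wraps to exactly zero; the hardened check rejects it because it never adds the untrusted length to anything, it only compares it against the space that remains. The same pattern (subtract known-ordered values, then compare) is the usual fix for this class of container-parsing bug, and compilers' checked-add builtins are an equivalent alternative.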

92 comments

  1. Attack vector? by Anonymous Coward · · Score: 1

    Could this be used in a malicious way, other than annoying people by rebooting their phones?

    1. Re:Attack vector? by StikyPad · · Score: 1

      Possibly. Any time you have a buffer overflow, there's a possibility that you can write to the stack and execute arbitrary code.

    2. Re:Attack vector? by Anonymous Coward · · Score: 0

      What if you were able to send it to EVERYONE's phone, all at the same time? In fact, there is nothing that would stop you from doing this repeatedly. (How fast is the upgrade cycle to Android? Months? Pretty much only when people buy a new phone?)

      You could stop a large group of people's phones working. You'll have to use your imagination to see what comes maliciously after that. (Because I'm not actually sure?)

    3. Re:Attack vector? by Anonymous Coward · · Score: 0

      Only if the buffer was allocated on the stack, mind.

      I doubt too many buffer overruns can get all the way from the heap to the stack. Especially since it's been a while since I saw a machine that didn't start my stack at the top of a 64-bit virtual address space and the heap in the center or bottom. Between ASLR, stack smash protection, the NX bit and probably a few more things I'm unaware of, the security situation at the low level IS improving.

    4. Re:Attack vector? by KGIII · · Score: 1

      The only logical thing to do with such power is use it to rape, murder, pillage, and burn... Anything else would be less civilized. Done in the wrong order, however, is not civilized at all.

      --
      "So long and thanks for all the fish."
  2. Closed Ecosystem by OverlordQ · · Score: 4, Interesting

    And those running custom mods will have this fix this week while those who are locked in to their carriers will be stuck vulnerable for who knows how long.

    --
    Your hair look like poop, Bob! - Wanker.
    1. Re:Closed Ecosystem by ArcadeMan · · Score: 1

      Or you could use an iPhone, which doesn't even support MKV.

    2. Re:Closed Ecosystem by 0123456 · · Score: 1

      Or you could use an iPhone, which doesn't even support MKV.

      I'm going back to my old Samsung, which doesn't even play videos, and is barely capable of displaying image files.

    3. Re:Closed Ecosystem by ArhcAngel · · Score: 1

      And those who use an MVNO and don't know how to set their APN are already safe!

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    4. Re:Closed Ecosystem by JustAnotherOldGuy · · Score: 1

      Same here...my old Nokia can't do all that new-fangled stuff, so I suppose I'm safe from these exciting new advances in technology. And by "technology", I mean "exploits".

      --
      Just cruising through this digital world at 33 1/3 rpm...
    5. Re:Closed Ecosystem by Anonymous Coward · · Score: 0

      anybody with a nexus device will have the patch soon as well.

    6. Re:Closed Ecosystem by TheGratefulNet · · Score: 4, Interesting

      I can update a proper linux system. apt-get update (etc etc) and I'm good. it could be a 5 yr old linux install, 10 yr even more. it will still get security and major bugfixes.

      android? yeah, right. my nexus one (go ahead, laugh at the old guy with the ancient phone) has not had an update for over 3 years now; probably more than that. 2.x distro from cyan and even they stopped doing updates. I have no time in my schedule to learn android internals well enough to do this myself (I could do it for linux, but I have no desire to waste time on phone crap, too many other things to get done). and so, I am running quite old software on a mobile computer and unless I pay for new hardware (my old hw works fine, still) I can't get updates.

      this is the main reason why I hate google so much. they totally messed up on the whole android build/deploy/update system. it's not linux, it's not separable (gfx and kernel and ip stack are all commingled, like a college-hire might design, sigh) and you can't update just the parts you need. it's a whole update or nothing at all. HOW UTTERLY STUPID.

      I wish I could get to love apple gear. then again, they EOL their old products, too, and so I'd have to keep rebuying hardware just like android guys are forced to do.

      I may just go back to dumb phones again. this is ridiculous. a mobile computer with wireless access, a lot of my personal info on it and yet no update mechanism at all. essentially it's abandonware. hundreds of dollars and I have a device that won't ever get updated even though there's not a single good reason for that.

      what I can't figure out is: was google stupid or smart when they planned this? I tend to think they were both; stupid due to having too many kids onboard who don't understand the longevity of embedded systems in the real world; and smart since they force people to keep re-re-rebuying things and that must make their hardware partners very happy. they also can ignore older hardware and save time on multiple forks and build trees. but it was all the wrong design for END USERS. we are the ones who get screwed by this.

      I cannot ever forgive google. they could have kept linux clean on the phone and allowed users to update ip-stack, kernel, etc. but they put a lot of effort into NOT allowing this and we all pay for it with security problems; and ones that we won't ever be able to fix, either, unless we do the work ourselves (which is not acceptable for an embedded system).

      --
      "It is now safe to switch off your computer."
    7. Re:Closed Ecosystem by Anonymous Coward · · Score: 1

      it's a whole update or nothing at all.

      Never attribute to stupidity that which is adequately explained by greed.

    8. Re:Closed Ecosystem by Anonymous Coward · · Score: 0

      Maybe not in the base OS, but there are hundreds of iOS video players that can play MKV.

    9. Re:Closed Ecosystem by brunes69 · · Score: 1

      You need to head to xda-developers.com and learn how to install a ROM. It is not complicated. The process is as simple as copying a zip file to your phone, rebooting the phone, and picking the zip file. Done.

    10. Re:Closed Ecosystem by mlw4428 · · Score: 1

      If he's running Cyanogenmod (as he alludes to in his post), he knows how. The problem is that everyone stops supporting the old stuff after a while.

    11. Re:Closed Ecosystem by 0123456 · · Score: 1

      I think Google were just rushing to get a competitor out before Apple took over the mobile market and they lost all their ad revenue there.

      Now, they look set to lose the market to Windows--which is something I never thought I'd say--if they don't find a way to push security fixes to phones without having to go through the manufacturer and carrier.

    12. Re:Closed Ecosystem by c · · Score: 1

      they totally messed up on the whole android build/deploy/update system.

      From what I understand, a significant chunk of the problem with mobile device "longevity" is that closed source drivers for the SoCs used in phones are typically provided by chipset vendors, and if the driver model used by the O/S ever changes then the SoC vendor needs to provide a newer set of drivers. Which they aren't going to do when they are no longer selling the chipsets.

      --
      Log in or piss off.
    13. Re:Closed Ecosystem by guises · · Score: 1

      That 2.x distro was the last that Google did for the Nexus One, but I'm running 4.4.4 (Carbon rom) on mine just fine. And I installed that... a year ago? There's probably a more recent one now.

      I too would like better standardization on the hardware, but it doesn't seem as though the device manufacturers are willing to go for that. Everyone wants their own non-standard custom sparkly feature, to make their junky phone stand out from everyone else's. I'm not sure Google deserves all or even the majority of the blame there.

    14. Re:Closed Ecosystem by tlhIngan · · Score: 1

      Or you could use an iPhone, which doesn't even support MKV.

      Out of the box, no. But there are plenty of apps to solve that problem.

    15. Re:Closed Ecosystem by viperidaenz · · Score: 2

      The hardware in your phone is pretty slow compared to anything in the last few years.
      The 1GHz single core Snapdragon CPU is slower per MHz than a standard Cortex A9
      It's only got 512MB of RAM

      It was a great phone 5 years ago, but seriously, it isn't powerful enough to run anything later than Android 2.3. I doubt anything with that CPU is. Even cyanogenmod support stopped at CM7

    16. Re: Closed Ecosystem by net28573 · · Score: 1

      Older devices have historically had more potential vulnerabilities to exploit than newer systems. I don't have the link on me right now, but I believe that there was a court case about the legality of monitoring someone's phone based on the age of the device and its capabilities.

      --
      RIP TRICERATOPS, YOU NEVER EXISTED
    17. Re: Closed Ecosystem by bryanp · · Score: 1

      Not natively anyway. My preferred app for playing media on my iPad, including mkv files, is nplayer. Not free, but worth every penny. I'm assuming it works on an iPhone, my personal phone is an android and I'm not paying to put nplayer on the iPhone my employer makes me carry.

      --
      "An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." Col. Jeff Cooper
    18. Re:Closed Ecosystem by exomondo · · Score: 1

      and so, I am running quite old software on a mobile computer and unless I pay for new hardware (my old hw works fine, still) I can't get updates.

      The hardware may work fine but there is no appropriate software to run on it. So ultimately is your privacy worth a couple hundred dollars every year or so?

      essentially it's abandonware. hundreds of dollars and I have a device that won't ever get updated even though there's not a single good reason for that.

      The code is all there, it's open source but nobody wants to maintain it and nobody wants to pay anybody to maintain it. What do you think is going to happen to it? It isn't going to maintain itself.

    19. Re:Closed Ecosystem by exomondo · · Score: 1

      From what I understand, a significant chunk of the problem with mobile device "longevity" is that closed source drivers for the SoCs used in phones are typically provided by chipset vendors, and if the driver model used by the O/S ever changes then the SoC vendor needs to provide a newer set of drivers.

      That's mostly it, the problem is that the Linux kernel binary interface is unstable so binary drivers that work in one version may not work in the next version and would often need to be modified and rebuilt against the newer kernel then distributed.

    20. Re:Closed Ecosystem by Eunuchswear · · Score: 1

      "Install a rom"?

      I used to do shit like that on 8 bit microcontrollers. If it's just one .so to change why the hell can't I just do, as the GP said, "apt-get update; apt-get dist-upgrade"?

      Works on my N900, worked on my N9, works on my Jolla.

      Android is primitive.

      --
      Watch this Heartland Institute video
    21. Re:Closed Ecosystem by Eunuchswear · · Score: 1

      But none of these recent problems need a kernel upgrade -- the userland/kernel interface is stable, there is nothing stopping Google & pals from just releasing a package with the new .so file.

      Except that their package management is primitive to nonexistent.

      --
      Watch this Heartland Institute video
    22. Re:Closed Ecosystem by IamTheRealMike · · Score: 1

      No, the issue is that it's open source and carriers customise the components. Android had a working online update infrastructure since day one, actually since before Apple did. But that's no use when the first thing OEMs do is repoint those mechanisms at their own servers and make huge changes to the code.

      The comparisons with Linux are especially strange. Guess what? Upstreams who develop software for Linux and see it get repackaged by distributors are in exactly the same boat as Google. They see their software get packaged up, distributed, bugs possibly introduced and then upgrades may or may not make it to users. Yeah yeah, Debian say they backport security fixes. That's great when it's a popular package and a one liner. When the security fix in question is a major architectural upgrade, like adding a sandbox to an app, then users just get left behind on old versions without the upgrades because that's the "stable" version.

      And of course many users are on Linux distros that stop being supported pretty quick. Then you're in the same boat as Android: old versions don't get updates.

    23. Re:Closed Ecosystem by Anonymous Coward · · Score: 0

      So basically you're using software and burning your battery when it should be hardware accelerated?

      If you use it on your phone, the battery life will be even shorter than it already is. ;)

    24. Re:Closed Ecosystem by brunes69 · · Score: 1

      You're not listening to me. This has nothing to do with Android. It has to do with the ROM on your phone that came from the phone maker. You need to swap out your ROM for one that is more open, and that allows root access so that you can do these kinds of updates. My Cyanogen ROM can pull updates on a nightly basis if I so choose.

    25. Re:Closed Ecosystem by Eunuchswear · · Score: 1

      Ok, sorry, your answer was not clear to me. I thought you were saying the way to replace one package was to replace the whole ROM; you meant to say that after replacing the whole ROM you could do updates that just replace one package.

      --
      Watch this Heartland Institute video
    26. Re: Closed Ecosystem by JustAnotherOldGuy · · Score: 1

      It may be that my phone is vulnerable, but any hacker who could manage to exploit it would have my respect. In fact, I'd be proud to have my phone rooted or compromised by someone who could do it, considering the obscureness of my device.

      PS: I just checked the stone tablets that the original Owner's Manual came on, and there's nothing mentioned about vulnerabilities there. ;)

      --
      Just cruising through this digital world at 33 1/3 rpm...
    27. Re:Closed Ecosystem by exomondo · · Score: 1
    28. Re:Closed Ecosystem by Anonymous Coward · · Score: 0

      Or you could use an iPhone, which doesn't even support MKV.

      Because not supporting the feature at all is somehow better for those that want it?

    29. Re:Closed Ecosystem by Anonymous Coward · · Score: 0

      So basically you're using software and burning your battery when it should be hardware accelerated?

      If you use it on your phone, the battery life will be even shorter than it already is. ;)

      One would assume so, if one was the proverbial Apple Hater without a clue. E.g. Choosing the Right MKV Player: Battery Drain and Hi10P Support - for kicks:

      At first, I had thought AppStore-based players would definitely have a handicap playing back MKV files in semi-hardware-accelerated mode because they would need to quickly cut and remux the MKV files in the background. (This is what I referred to in my initial answer.) The results I got have shown I was wrong: utilizing hardware accelerated playback directly on a jailbroken device, actually, resulted in some 50 percent more battery drain in my tests.

  3. Android phones by Anonymous Coward · · Score: 0

    Are the worst iPhones ever made...

  4. Re:SHINY NEW WINDOWS 10 by Anonymous Coward · · Score: 0

    with ants

  5. Honest question. by fuzzyfuzzyfungus · · Score: 1

    Can someone explain why the program handling interaction with assorted media files would be so closely linked to the rest of the system working? I understand that parsing the ghastly mess of different standard and pseudo-standard formats out there, as poorly or even maliciously interpreted by various 3rd parties, is a difficult and dangerous task; so I'm not surprised by the fact that there is a bug in the media component; but if it is known to do such a dangerous job why isn't it compartmentalized more aggressively? Why does losing the mediaserver process make a mess of the phone, rather than just causing it to mark the file that killed it as tainted, restart the process, and carry on?

    1. Re:Honest question. by Aighearach · · Score: 1

      Taking your question at face value:

      • Programming is hard
      • It would add latency to do the full range of sanity checks
      • The engineering assumption is that the device will be lagging already from ads and other "monetization."
      • Robust software sells the same as buggy software, as long as the bug isn't routine.
      • They try to get developers to use the media library in place of the filesystem. Why? So they can do backups easily that back up "everything" the users added to the applications, without having to try to sort the filesystem or deal with unknown files.

      I'm sure they have even more reasons. I hate it more and more all the time, personally. And I use it less and less. I've already replaced about half the apps I use with my own versions, that do almost nothing. (the 1 thing I need each app for) I'm starting to wonder why I'm running an Android version instead of a regular embedded linux.

    2. Re:Honest question. by JustAnotherOldGuy · · Score: 1

      Can someone explain why the program handling interaction with assorted media files would be so closely linked to the rest of the system working?

      Because 1) programmers are lazy and 2) management doesn't want them to "waste time" programming all those pesky security checks.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    3. Re:Honest question. by jedidiah · · Score: 1

      They need to be going out of their way to make this more of a problem than it should be. No modern OS should be crashing simply because one of its apps ran amok. This isn't 1981.

      Unix + media player should not be able to crash the OS unless they took extra special measures to make the OS vulnerable.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    4. Re:Honest question. by brunes69 · · Score: 1

      The reason is because when a core system process crashes on android, the system automatically restarts it.

      This is normally a good thing - but if you have a scenario where you've done something that will cause a process to crash on start (which is what this thing is), the process restarts and restarts over and over indefinitely, essentially locking you out of the UI. Command line access via ADB is unaffected.

      Anyone who has messed around with custom ROMs has likely seen this behaviour many times by flashing an invalid Google Services for the phone.

    5. Re:Honest question. by viperidaenz · · Score: 1

      Unless you end up sending junk to the GPU and it locks up the entire SoC?
      Just a guess, but who knows... or perhaps it sends junk data to a kernel module?

  6. Why? by Anonymous Coward · · Score: 0

    Somebody please explain to me why the crashing of a service for indexing media files can bring down the whole OS. Isn't that a userspace program? Why is it so embedded in the kernel or operating system that it crashes the whole device? Isn't that really bad practice? Are there any valid reasons to do it this way?

    1. Re:Why? by jedidiah · · Score: 1

      I could see how something that hooks into a video device driver for hardware assisted decoding could bork the OS because at that point you've crossed the user barrier. This just seems to be a problem of unraveling the wrapper format. Nothing about that should render the OS crash prone.

      --
      A Pirate and a Puritan look the same on a balance sheet.
  7. So it's like an iPhone by Anonymous Coward · · Score: 0

    Except that you don't need an MKV - just look at it wrong while you're in the middle of editing your Plaid Times blog and it just reboots all by itself. My, that's a pretty Apple logo...I wonder if I'll have to re-type my whole story on aging skinny jeans when it comes back up? Whatever, I'm sure it rebooted for a reason. Oh look, I'm almost at the bottom of my vanilla half-caf all skim latte - I'll go get another while I wait for the phone to come back up.

  8. Re:Android is for by Impy the Impiuos Imp · · Score: 1

    Stop posting all those Windows 10 OMG!!! threads.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  9. Re:WINDOWS 10 FOR THE USERS by Anonymous Coward · · Score: 0

    Hi,

    I'm running Linux but it's crashing a lot and all the applications are useless and look terrible.

    Is Windows 10 better than Linux?

    Thanks...

    --interested_user

  10. WIN 10 LAUNCH TODAY!!!! by Anonymous Coward · · Score: 0

    Check out the new WINDOWS 10!!!!

    Its free!!!!!!!!!

    Its Windows 10!!!!!!!!!!!

    It has a shiny new logo!!!!!!!!!!!!

    It has 7 facts!!!!!

    Its Windows!!!!!!!!

    Its free!!!!!!!!

    It LAUNCHES TODAY!!!!!!!!!!!!!!!!!

    OMG, WINDOWS 10!!!!!!

  16. I have several of these files. by Anonymous Coward · · Score: 0

    Is this a thing? I rip a lot of vids to MKV and recently I've had problems with 3 files that crash my tablet and phone. I thought that it was odd as they play fine on my computer and replies. I just thought it was because they were encoded in H265 and that my settings were bad.

    I had not thought of using them as a weapon until now. Time to upload them and title them as a current hit movie. Lol

  17. Yeah right by Anonymous Coward · · Score: 0

    I guess you already forgot about iCloud?

    1. Re:Yeah right by Anonymous Coward · · Score: 0

      What about iCloud? You mean the news that some idiots were using weak passwords? No company can protect you against that.

    2. Re:Yeah right by viperidaenz · · Score: 1

      Wasn't it vulnerable to brute force password attacks?

  18. ADHD by Anonymous Coward · · Score: 0

    I'm starting to think that Google suffers from some form of corporate ADHD, by which I mean: they get distracted with other, "cooler", projects before the projects they create are working properly.

    I'm saying this after discovering "Messenger", which I shall now use for SMS on my phone instead of Hangouts (which has a muted conversation notification bug that drives me crazy), which I used because the "Messaging" app that is built into the OS doesn't support muting and has performance issues with long threads (and it used to scroll to the bottom when a new message came in).

    I also realised, after reading about the bug mentioned by TFS, that Google don't appear to have an "emergency patch" arrangement for Android. This in itself could be their Achilles' Heel should a bug that crashes or takes over all the phones running Android ever made become exploited wildly.

    1. Re:ADHD by 0123456 · · Score: 1

      This is what happens when you let an advertising agency write your software.

    2. Re:ADHD by Anonymous Coward · · Score: 0

      Yet the marketing company that writes software (hint: Microsoft) seems to be doing OK on the mobile vulnerability front - if we ignore that their market can be counted on the fingers of a single hand :)

      I wonder when I'll be able to take the popcorn out for a MS system-wide vulnerability that they won't patch through their OEMs either. I mean, the way I read the notice on upgrading to Windows 10, they're more like Google than Apple in this regard, so they're bound to make a few similar headlines too.

  19. What? by HideyoshiJP · · Score: 1

    I can't even get my Android phone to play .mkvs, much less crash it. :(

  20. From the TFA by Virtucon · · Score: 1

    Trend Micro reported the flaw in May, it said, but Google assigned it a low priority.

    So, publishing it will presumably make them move the priority up? AFAIK, if the attacker could register the properly crafted MKV to play on start, you'd be in a bricked phone situation, factory reset, fixed done.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  21. Re:Android is for by invictusvoyd · · Score: 1

    assholes p.s. mod me down -1

    Thanks

  22. Tell me by drolli · · Score: 1

    how I can disable MMS. In the whole last 9 years when the phones I used supported MMS, I think I used the feature 3 times:
    * one time for test
    * two times to receive a train ticket (now they switched to internet+app)

    I have no clue why I should use MMS. I use SMS a lot (since it works with all phones).

    no need for this feature.