Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stagefright 2.0 Vulnerabilities Affect 1 Billion Android Devices

Posted by timothy on from the imagine-the-whole-audience-is-naked dept.

msm1267 writes: Security researcher Joshua Drake today disclosed two more flaws in Stagefright, one that dates back to the first version of Android, and a second dependent vulnerability that was introduced in Android 5.0. The bugs affect more than one billion Android devices, essentially all of them in circulation. One of the vulnerabilities was found in a core Android library called libutils; it has been in the Android OS since it was first released and before there were even Android mobile devices. The second vulnerability was introduced into libstagefright in Android 5.0; it calls into libutils in a vulnerable way. An attacker would use a specially crafted MP3 or MP4 file in this case to exploit the vulnerabilities. Google has released patches into the Android Open Source Project tree, but public patches are not yet available.

2 of 123 comments (clear)

  1. Re:Call for mass-forking of Android by macs4all · · Score: 4, Informative

    Uhm... You know that a tens of thousands of malware / spyware apps trampled that walled garden a week or two ago, right?

    Tens of thousands? REPUTABLE Citation, please?

    There has been a bunch of apps that should not have been allowed on the store but made it in on top of that (even though they were found useful, but that's not the point)... things like the secret flashlight tethering app a couple years ago, that security researcher who had 10-100k users download his potentially malicious command-and-control center?

    Are you seriously still believing that i things are immune to malware?

    I (and Apple) never said iOS Devices are IMMUNE from Malware; but I think that iOS' track record in that regard speaks for itself.

    Plus, I love the way that Fandroids keep harping on the VERY few examples of things slipping past (having to go back YEARS to find one or two examples of Trojans that made it through Apple's Approval Process, and blithely IGNORE the metric buttload of (also see the links in that article) malware-containing Apps in the Android ecosystem, a good number of which are, or until recently, when Google started getting more serious about vetting Apps, were available in the Play Store.

  2. Re:Call for mass-forking of Android by swv3752 · · Score: 1, Informative

    Unless you bought a Nexus device, most of the issues you mention are the fault of the Vendors and the carriers, not Google.

    --
    Just a Tuna in the Sea of Life