Slashdot Mirror


Millions of Android Devices Vulnerable To New Stagefright Exploit

An anonymous reader writes: Security researchers have found yet another flaw in Android's Stagefright. The researchers were able to remotely hack an Android phone by exploiting the bugs. According to their estimation, the flaw exposes devices running Android software versions between 5.0 and 5.1, or 36% of 1.4 billion, to security attacks. "I would be surprised if multiple professional hacking groups do not have working Stagefright exploits by now. Many devices out there are still vulnerable, so Zimperium has not published the second exploit in order to protect the ecosystem," Zuk Avraham, chairman of Zimperium, the firm which found the first Stagefright exploit, told Wired.

3 of 48 comments

  1. Good by johanw · Score: 4, Funny

    A new nearly-universal root method is always handy.

    1. Re:Good by AmiMoJo · Score: 4, Informative

      That's not what this is. TFP is careful to point out that all it gets you is executing arbitrary code in the process that is affected, in this case the browser. So you would need further exploits to get anywhere from there.

      Even that is difficult as it requires knowing certain things about the target device, like the exact ROM it is running. It also looks like Google should be able to mitigate it pretty quickly by updating Chrome and various system components via Play.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Re:And? by GTRacer · Score: 4, Interesting

    Aside from crappy security implementations which I blame mostly on Google, I don't get this attitude of yours.

    Anyone who in 2016 doesn't understand how the exchange of a "free" phone OS for personal data works needs to grab a refresher from the many excellent sources of economic theory available.

    Meanwhile, I *know* I'm the product, but in exchange I get great web searches, kick-ass navigation, YouTube, handy email and calendar integration with work, and more.

    --
    Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!