Security firm Trend Micro found a vulnerability in Android again, making an app with limited rights can execute their own code at the level of the media server. Who include access to the Internet and the camera.
The vulnerability is in the Audio Effects section of the Android media server, says security firm Trend Micro. The problem that executing code allows, is less easy to exploit the bug in the Stage Fright library, also part of the Android media server. Which could be exploited by serving a malicious movie, such as an instant message or from a Web site.
Unlike those bug in the bug Audio Effect can only be exploited from an app. That means that an app with limited rights to access include the microphone and the camera; namely code from the app can be performed with the media rights server. Because the media server also has Internet access, an attacker would the camera and microphone to intercept and transferring it to his own server.
The bug has now been closed, says Trend Micro, but the bug was in Android 5.1. 1 still exist. That indicates that the bug only in the next Android version has been corrected in practice. Moreover, users of old Android versions are vulnerable.
It is the third time in a short time there are bugs in the Android media server come out. In addition to the Stage Fright bug discovered, Trend Micro rather an app that allows a phone unusable can be made by letting him endless reboot
An example app Trend Micro, with limited access rights
No comments:
Post a Comment