A serious Android leak from July of this year could be misused in two new ways. All Android smartphones and tablets are again vulnerable to attacks including rogue MP3 files
According to research from security company Zimperium that the relevant leak -. Stage Fright – discovered. Stage Fright 2.0 again makes abuse of the Android framework of video: the media technology that loads and plays. Unlike video files used Zimperium now music files (mp3 files and mp4′tjes) for hiding malicious code.
This makes it possible for a malicious resume playing a rogue music file on a website and then there malware on the device can be installed. Such malware can eg log data capture or display annoying pop-ups on your screen.
The second method allows a malicious other Android users can infect the same unsecured Wi-Fi network with malware. Reference is again leak abused in the video framework. Zimperium alerts Android users music and video files with apps playback to pay attention to where they get their media from.
What can you do? You can
at this moment nothing against Stage Fright 2.0. Zimperium recommends Android users to be careful with downloading and playing media files. You have to wait until the manufacturer of your Android distributes the update. Meanwhile
Google is by Zimperium been informed of Stage Fright 2.0. The first vulnerability – a rogue mp3′tje – applies to all Android versions and next week by Google patched, and manufacturers need to spread the Google update to their devices. This can often take weeks to months. The second vulnerability, through unsecured Wi-Fi network is not yet confirmed by Google.
Manufacturers rolled recent times though a firmware update for the first version of Stage Fright, but it turns out the two new discovered vulnerabilities not protected enough.
Check it out yourself?
Once Google released a patch for Stage Fright 2.0 has released, Zimperium publishes more information about the vulnerabilities. Around that time, users can view this app or their Android is vulnerable to Stage Fright 2.0.
RTL Z / Daniel Verlaan
No comments:
Post a Comment