Android has been Hit Again Stagefright-style Flaw: 950 Million Devices at Risk
It is another day and another bad news for Andriod. This time, a security firm, Trend Micro, has discovered a serious flaw in the OS that affects versions dating back to 2010.
It was only recently that another security firm, Zimperium, discovered a security threat dubbed Stagefright that could affect 950 million handsets. The whole scenario has degenerated and it is no wonder that the Android chap is green, because this year has been a rollercoaster of a sort for the company.
Trend Micro has stated that all versions of Andriod OS from 4.3 to 5.1.1 are susceptible to a bug that can make phones go silent and screens go dark.
Wish Wu, a security researcher, said that the new Andriod Mediaserver flaw could be used to attack devices e.g arbitrary code execution. According to him, the vulnerability is similar to Stagefright but its entry point is different and it could be executed in two ways. He specifically stated it could be exploited through a malicious app installed on the device, or through a specially-crafted website.
Google was contacted and the company said that some of its IT professionals are currently studying and working on the report of Trend Micro.
Trend Micro stated that no hacker has exploited the flaw and also said that Google has fixed and published details regarding the problem to the Android Open Source Project.
A Google spokesperson said:
We want to thank the researcher for their report as it helps strengthen Android’s security. While our team is monitoring closely for potential exploitation, we’ve seen no evidence of actual exploitation.
The company further explained that the risks might not be as bad as it seems because even if exploited, the only effect would be the temporary crash of the media playback.
They said that uninstalling the crashed app or desisting from the website that caused the crash is a viable option and that a fix would come with all future OS.
Image from Shutterstock.