Tuesday, November 3, 2015

Another Day, Another Billion Android Users at Risk


android-vulnerabilities-stagefright

ManageEngine OpManager, a powerful NMS for monitoring your network, physical & virtual (VMware/ HyperV) servers & other IT devices. Deploy and start monitoring in less than an hour. Trusted by over a million admins world-wide. Try it for free.


Google on Monday released an over-the-air update for Nexus devices, which includes patches for the latest Stagefright vulnerabilities and other flaws.

Android's Stagefright media processing feature, which recently imperiled 1 billion devices around the world, was once again putting them at risk, Zimperium revealed last week.

Zimperium found two new vulnerabilities that manifest when Android's Stagefright media playback engine handles specially crafted MP3 audio or MP video files.

The first vulnerability, which Google named "CVE-2015-6602," is in libutils. It exists in "all versions of Android since the very first AOSP (Android Open Source Project) code push," said Zuk Avraham, Zimperium's CTO.

The second vulnerability, in libstagefright, impacts only devices running Android 5.0 and higher, he told LinuxInsider.

It has been named "CVE-2015-3876," Google spokesperson Elizabeth Markman said.

Google will post its latest patches to AOSP as well as on its Android Security Updates forum, Markman told LinuxInsider.

No exploit has been found in the wild for either vulnerability, Avraham said.

No comments:

Post a Comment