More than 1.4 billion Android devices are at serious risk.Security researchers at Zimperium zLabs have discovered Stagefright vulnerability that can compromise an Android phone just by opening an MP3 or MP4 file.
This vulnerability affects every Android device running on any version of Android. The attack only requires attacker to create a malicious MP3 or MP4 file and send the link to victim. Victim would not need to download anything to enable the exploit and bypass Android phone’s security system. Previewing is enough to enable the exploit. Attacker can take remote control of a user’s camera, SD memory card, and other personal information saved in the device. This bug also affects third party apps.
This bug is still unpatched and Zimperium has reported it to Google. Once it has been fixed, company will also released the proof-of-concept explaining how this works. Bug was reported to Google on August 15 and we are expecting the update to fix the issue next month. Xiaomi, Samsung, HTC or other smartphone manufacturers who use custom OS based on Android will have to release the fix separately.
Devices which will not receive update will be at risk forever until user manually flashes the Android.
Featured image source: pocketmeta.com
