Issues on Android "Stagefright" Media Library Remote Code Execution Vulnerabilities

Release Date: 28 Jul 2015 2080 Views

Recently, a security research company reported that remote code execution vulnerabilities were identified in Android smartphones. With these vulnerabilities, arbitrary code would be executed upon MMS message received on target smartphone.

 

Summary

  • ZIMPERIUM security research company [1] reported that remote code execution vulnerabilities were identified in Android media library "Stagefright".
  • The vulnerabilities affected Android 2.2 or later.
  • When the crafted MMS is received by the phone, arbitrary code could be executed without any user interaction.
  • Vendor patch is currently unavailable.

HKCERT has issued a security bulletin for the said vulnerabilities. Please refer to it for workaround solutions:

/my_url/alert/15072901

 

[1] Reference: http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/

Share with

Previous

Favourite Security Reads of the Week (24 Jul 2015)

24 Jul 2015 1825 Views

Next

Vulnerabilities in Hong Kong Internet Devices

31 Jul 2015 2701 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY