
Android Stagefright 2.0 Media Library Remote Code Execution Vulnerabilities

Last Update Date: 5 Oct 2015 17:42 Release Date: 5 Oct 2015

RISK: Extremely High Risk

TYPE: Operating Systems - Mobile & Apps

Multiple vulnerabilities have been identified in the Android Media Library. By sending a crafted MP3 or MP4 file, a remote attacker can exploit these vulnerabilities to execute arbitrary code on the target system.

 

Note:

  • A vendor patch is currently unavailable. However, a workaround is provided.

Impact

  • Remote Code Execution

System / Technologies affected

  • Android versions 1.0 to 5.x

Solutions

  • Note:
    • A vendor patch is currently unavailable.
  • Workaround:
    1. Proceed with special caution when using your mobile browser to preview unsolicited audio and video files.
    2. Turn off "Auto Retrieve" for multimedia messages (MMS): under "Settings", go to "SMS"/"Multimedia message".
      Note: For this workaround, you may find more information for your device model on the following webpage:
      https://www.twilio.com/blog/2015/07/how-to-protect-your-android-device-from-stagefright-exploit.html
    Note: The following 3 solutions carry the risk of losing important information intended for you. Please assess the risk before making the decision.
    1. Block all text messages from unknown senders. Usually, you can enable this option under "Settings".
    2. Do not open MMS sent by unknown parties.
    3. Remove all MMS-related settings under Access Point Name (APN).

 


Vulnerability Identifier


Source


Related Link