Once again the Stage fright vulnerability is back, two new Android Stage fright vulnerabilities are recently disclosed.
This time with some new tricks, an attacker can hack the Android Phone just by convincing the user to visit a website containing malicious files, either MP4 or MP3.
A security researcher at Zemperium discloses the first Stage fright Bug which allows the acker to hijack the android phone by simple text message (the exploit code).
How The Stage fright Bug works?
The two new vulnerabilities namely (CVE-2015-6602 and CVE-2015-3876) exist in the Android Media Playback called “Stage fright”. These newly discovered bugs affect all the android versions right from version 1 to latest 5.1.1 (lollipop).
Report says, if you preview the malicious song or video file, it will execute the Stage fright Bug 2.0 exploit which allows the attacker to run remote codes on user’s device.
Attack Vectors
The Stage fright Bug 2.0 can be prompted by:
- Instant Messaging apps
- The webpages.
- It can also be executed by the Man-In The-Middle Attack.
- Third Party media player (e.g. MX Player).
To fix the bugs, Google has slated monthly security update on 5th October for the Nexus Devices. This new update will patch the newly discovered vulnerabilities.
The firm (Zimperium) which discovered the Stage fright Bug 2.0 reported the flaws to Google on Aug.15. The firm also plans to release the technical details and proof of the vulnerabilities once the bugs are fixed by Google.
Google has shared the bugs and patches with the OEM partners on sept.1.
So be ready for the update that you might be getting on oct.5.
Have something to add LG smartwatch Urbane 2nd Edition ? Please add in comments.
Follow us on Facebook, Google Plus and Twitter to get more Tech News and reviews.
