Stagefright 2.0 Spotted, Google Releases Security Update for Nexus

Earlier this year, an Android vulnerability called Stagefright was discovered, potentially affecting more than a billion devices. Once exploited, the vulnerability allowed an attacker to execute arbitrary code to control the device's functions or steal data without user interaction. It was found that it can be triggered by receiving a specially crafted MMS that the attacker could delete before the user even sees it.

While Google and smartphone manufacturers have moved to address the said vulnerability, a successor, dubbed Stagefright 2.0, has been discovered in mid-August. Unlike the original bug that infected devices through MMS, Stagefright 2.0 affects devices running on Android 1.0 to 5.0 through the web browser, with malicious ads, man-in-the-middle attacks (MITMA), or mobile spear phishing.

Google has since informed its partners of the issues and released an over-the-air (OTA) security fix for Nexus devices after almost two months. According to the Nexus Security Bulletin posted on Oct. 5, Google also released source code patches to the Android Open Source Project (AOSP) repository to address the issues. “Builds LMY48T or later (such as LMY48W) and Android M with Security Patch Level of October 1, 2015 or later addresses these issues,” Google states in the bulletin.

In light of the recent Android vulnerabilities, Google, LG, and Samsung are pushing for monthly fixes, although HTC president Jason Mackenzie recently tweeted that it is “unrealistic” to guarantee security updates every month because of the carrier approval process. Despite the promise of the monthly updates, these manufacturers are still waiting to acquire Stagefright fixes.

Enabling Android's app verification feature offers an additional layer of security by checking installed apps and notifies users about potentially harmful app activity.  Hangouts and Messenger applications were also updated so that shared media will not be automatically downloaded to vulnerable processes, including mediaserver.

To defend against Stagefright 2.0 and other malware attacks, users are advised to keep their software and apps updated to the latest version. Safe online habits and downloading apps from official app stores can also reduce risks for unpatched devices.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Veröffentlicht in Mobile Safety, Android, Mobile Malware