Metaphor: New Stagefright Exploit Puts Millions of Android Devices at Risk… Again

In late July of 2015, a number of vulnerabilities were found on Android's libStageFright multimedia component. Called Stagefright, the vulnerability put millions of Android devices at risk, allowing remote code execution after receiving an MMS message, downloading a video file, or opening a page embedded with multimedia content. Trend Micro discovered one such vulnerability within the Stagefright library during that time that could virtually "kill" an Android device when exploited. 

[Read: Stagefright vulnerability affects 950 million users]

Google has since distributed Stagefright patches for the vulnerabilities (and said that the company would implement a regular patching schedule), but it appears that there are still some flaws that can still be exploited. Researchers from NorthBit released a document that provides details on a working Stagefright exploit of the CVE-2015-3864 vulnerability. Dubbed "Metaphor", the exploit is said to affect devices running on Android versions 2.2 to 4.0, and is able to bypass ASLR1 on versions 5.0 to 5.1.

The paper details how an Android device can be hijacked. The victim is tricked into visiting a malicious webpage—and staying on the page—while the exploit runs. Behind the scenes, a video file on the page forces a mediaserver crash, causing it to restart. Javascript on the webpage then waits for mediaserver to restart, then sends the device's information back to the attacker's server. Using the information gathered, another malware-embedded video file is sent to the device. Once executed, the code gives an attacker control over the device—allowing them to spy or steal information through the device.

While Google is expected to release a patch soon to fix the flaws exploited by Metaphor, it might not be fast enough. Patching the round of Stagefright bugs found last year is still said to be spotty, thanks to the number of manufacturers and carriers involved in patch distribution, and it's no different today. Owners of affected devices are advised to update their software as soon as a patch becomes available.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.