Stagefright vulnerability was first discovered in April, the vulnerability allowed attackers to target Android phones over text or MMS, exploiting a weakness in Android’s multimedia preview function. And after three months its happening again, this time the bugs has new name – Stagefright 2.0.
The same team, Zimperium Mobile Threat Protection, zLabs VP of Research Joshua J. Drake again found a set of another two vulnerabilities and bug named Stagefright 2.0. The new vulnerability is attacking Android phones by encoding a malicious program into an audio file, delivered over mp3 or mp4. Once a user previews the file or visits a page where that file is embedded, Android’s audio preview will activate the program, infecting the device. And the worst part is he virus can also be deployed by an attacker on a public Wi-Fi network.
Also See : [p2p type=”slug” value=”major-security-flaw-in-android-lollipop-smartphone” attributes=”target=’_blank'”]Major Security Flaw In Android Lollipop Allows Anyone To Unlock Your Smartphone[/p2p]
The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue. One of the exploits –assigned a Common Vulnerabilites and Exposures (CVE) number of CVE-2015-6602 – reportedly affects Android devices from 1.0 above, the second, unnumbered vulnerability affects devices running 5.0 and above.This second vulnerability may also affect third-party applications due to the issue being found within the libstagefright library used by some media players.
Also See : [p2p type=”slug” value=”virus-in-candy-crush-and-other-popular-games-attacking-android-users” attributes=”target=’_blank'”]Virus In Candy Crush And Other Popular Games Attacking Android Users[/p2p]
According to Motherboard, Zuk Avraham, Zimperium zLabs’ founder and Chief Technology Officer, said that 1.4 billion people are likely affected by the vulnerabilities, explaining, “I cannot tell you that all of the phones are vulnerable, but most of them are.”
Google’s latest Android operating system, Marshmallow, will reportedly carry the fix for the issue, though older devices that cannot be updated to Android Marshmallow may end up being stuck with vulnerabilities inside them.
Also See : [p2p type=”slug” value=”ransomware-porn-app-attacking-android-users” attributes=”target=’_blank'”]Ransomware In The Form Of A Fake Porn App Attacking Android Users[/p2p]