Menu
Google patches second round of Stagefright flaws in Android

Google patches second round of Stagefright flaws in Android

More flaws have been found in how Android processes metadata in certain files

Google has issued patches for two new Stagefright-related vulnerabilities, one of which affects Android versions going back to 2008 and puts millions of users at risk.

The flaws were found by security company Zimperium, which also unearthed the original Stagefright flaws in April.

In an advisory Monday, Google said it didn't appear that attackers have started exploiting the vulnerabilities yet.

The latest flaws are only slightly less dangerous than their predecessors, which allowed a device to be compromised merely by sending a specially crafted multimedia message (MMS). An attacker needed only to know the victim's phone number.

To exploit the latest flaws, dubbed Stagefright 2.0, an attacker would have to convince a user to visit a website and play a piece of audio or video content.

The vulnerabilities relate to problems with how Android processes metadata within that content, Zimperium said in a blog post.

Google has released an over-the-air update for its Nexus Android devices and had notified its partners of the issues by Sept. 10, the company said.

Zimperium held off releasing proof-of-concept exploit code but will allow some of its partners to see it later this month, it said.

In light of the number of users affected by Stagefright, Google said in August it would begin issuing monthly security patches, mirroring steps taken years ago by companies including Microsoft for desktop software.

Still, fixing software problems on mobile devices is a disjointed affair and users are dependent on device manufacturers and operators for timely patching. After Google's announcement, major manufacturers including Samsung and LG also committed to monthly patching.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Show Comments