Menu
Google patches second round of Stagefright flaws in Android

Google patches second round of Stagefright flaws in Android

More flaws have been found in how Android processes metadata in certain files

Google has issued patches for two new Stagefright-related vulnerabilities, one of which affects Android versions going back to 2008 and puts millions of users at risk.

The flaws were found by security company Zimperium, which also unearthed the original Stagefright flaws in April.

In an advisory Monday, Google said it didn't appear that attackers have started exploiting the vulnerabilities yet.

The latest flaws are only slightly less dangerous than their predecessors, which allowed a device to be compromised merely by sending a specially crafted multimedia message (MMS). An attacker needed only to know the victim's phone number.

To exploit the latest flaws, dubbed Stagefright 2.0, an attacker would have to convince a user to visit a website and play a piece of audio or video content.

The vulnerabilities relate to problems with how Android processes metadata within that content, Zimperium said in a blog post.

Google has released an over-the-air update for its Nexus Android devices and had notified its partners of the issues by Sept. 10, the company said.

Zimperium held off releasing proof-of-concept exploit code but will allow some of its partners to see it later this month, it said.

In light of the number of users affected by Stagefright, Google said in August it would begin issuing monthly security patches, mirroring steps taken years ago by companies including Microsoft for desktop software.

Still, fixing software problems on mobile devices is a disjointed affair and users are dependent on device manufacturers and operators for timely patching. After Google's announcement, major manufacturers including Samsung and LG also committed to monthly patching.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments