Menu
Google patches second round of Stagefright flaws in Android

Google patches second round of Stagefright flaws in Android

More flaws have been found in how Android processes metadata in certain files

Google has issued patches for two new Stagefright-related vulnerabilities, one of which affects Android versions going back to 2008 and puts millions of users at risk.

The flaws were found by security company Zimperium, which also unearthed the original Stagefright flaws in April.

In an advisory Monday, Google said it didn't appear that attackers have started exploiting the vulnerabilities yet.

The latest flaws are only slightly less dangerous than their predecessors, which allowed a device to be compromised merely by sending a specially crafted multimedia message (MMS). An attacker needed only to know the victim's phone number.

To exploit the latest flaws, dubbed Stagefright 2.0, an attacker would have to convince a user to visit a website and play a piece of audio or video content.

The vulnerabilities relate to problems with how Android processes metadata within that content, Zimperium said in a blog post.

Google has released an over-the-air update for its Nexus Android devices and had notified its partners of the issues by Sept. 10, the company said.

Zimperium held off releasing proof-of-concept exploit code but will allow some of its partners to see it later this month, it said.

In light of the number of users affected by Stagefright, Google said in August it would begin issuing monthly security patches, mirroring steps taken years ago by companies including Microsoft for desktop software.

Still, fixing software problems on mobile devices is a disjointed affair and users are dependent on device manufacturers and operators for timely patching. After Google's announcement, major manufacturers including Samsung and LG also committed to monthly patching.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments