This is nothing major, no need to turn off your smartphones or to increase your blood pressure. See this Video for POC For the common users & kids
CVE-2015-3829 – Integer Overflow, Remote Code Execution, MP4 Atom.CVE-2015-3828 – Integer Underflow, Remote Code Execution, 3GPP.CVE-2015-3827 – Integer Overflow, Remote Code Execution, MP4 Atom.CVE-2015-3826 – Buffer Overread, 3GPP Metadata.CVE-2015-3824 – Integer Overflow, Remote Code Execution, MP4 Atom.CVE-2015-1539 – Integer Overflow, Remote Code Execution, MP4 Atom.CVE-2015-1538 – Integer Overflow, Remote Code Execution, MP4 Atom.The type of vulnerability, Impact & vulnerable object are mentioned respectively. In depth technical details are not available though they are assigned the following CVE numbers. There are a set of seven remote code execution & privilege escalation vulnerabilities in the stagefright library. Though he has reported it to google & they have released patches, security researchers believe that there are still 950 million android devices that are vulnerable. In April 2015 an zLabs Security Researcher name Joshua Drake discovered this vulnerability in the Stagefright library. The R&D team of zLabs company officially presented the vulnerabillity in Blackhat USA Aug 5 & DEFCON 23 on Aug 7. In August 2015 (ie this month when this article was written), a company named, Zimpremium providing enterprise mobile security solutions & services, discovered a set of vulnerabilities in the stagefright library. But C++ is more prone to memory corruption & overflows. This was written in C++ native in order to improve media processing performance. Stagefright is actually a collective set of media formats bundled into a single library used for media playback in android OS.
So first and foremost, now itself switch off the auto-download Media option in Messaging, Google Hangouts & other specific services you have installed in your android device.
By doing so, the attacker can access your emails, facebook, whatsapp & many other services in your device. If the malicious MMS gets downloaded in your device the attacker gets access. An attacker can gain access to your device by sending you a malicious MMS. It can be through your carrier services or Google Hangouts or any other services which has auto download MMS enabled. Basically speaking, stagefright vulnerability is the flaw which allows an attacker to control your android device by sending you an MMS message. Stagefright is one of the latest large scale vulnerabilities that swept up to a billion android devices all over the world. Find out whether your device is vulnerable & Defend against Stagefright Vulnerability
0 kommentar(er)
