Stagefright, the notorious Android vulnerability that just won’t quit, has another vulnerability joining the ranks after an independent security research firm discovered a new ‘high-severity’ vulnerability that affects nearly every android device currently in use.
Dogged android vulnerability Stagefright strikes again. Trend Micro, the security research firm has discovered a new vulnerability in the way videos are used and handled in Android, which researchers warn could potentially allow a malicious attacker to execute their own code on android devices, the Guardian reports.
Related article: Simple Android Hack Leaves 95% Devices Vulnerable
Affecting the mediaserver component within Android again, the disclosure of the vulnerability ensures that it joins other recent vulnerabilities including the much-publicized Stagefright bug which can be used to install malware onto an Android device via a simple multimedia message.
Stagefright, Part 2.
The newly discovered vulnerability leaves Android versions 2.3 to 5.1.1 vulnerable, researchers say. This essentially means that all Android phones from 2010, when version 2.3 came about, to the current generation of Lollipop (5.1.1) devices are rendered vulnerable.
Wish Wu, a security research engineer at Trend Labs brings focus to the vulnerability in a blog post at Trend Micro, saying:
“With this new vulnerability, an attacker would be able to run their code with the same permissions that the mediaserver program already has as part of its normal routines.
“Since the mediaserver component deals with a lot of media-related tasks including taking pictures, reading MP4 files, and recording videos, the privacy of the victim may be at risk. Devices with customized versions of Android but with no modification made to the media server component are also affected.”
Furthermore, Google has fixed the vulnerability via the Android Open Source Project (AOSP). However, the patch is yet to reach end users because of the complicated android ecosystem which involves mobile carriers and phone manufacturers.
The vulnerability, deemed to be one of ‘high severity’ by Google’s engineers themselves is particularly hard to spot because of how sneaky it can be. The malicious app does not ask for permissions, thereby not raising any suspicions and it can be dormant for weeks and even months before launching its exploit.
“Real-world attacks won’t involve apps that are easy to detect,” Wu added.
In a welcome sight, Trend Micro reveals that end users can immediately block the threat of attacks involving arbitrary code execution by Trend Micro’s Mobile Security Application (TMMS) which helps detect threats actively trying to exploit the vulnerability. Another solution is to reboot the Android device into ‘safe mode’ in order to uninstall any malicious applications, recommended to advanced users only.
Google hasn’t made any comment on the latest vulnerability, yet.