Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Android 'Stagefright' exploit

 

Systems Affected


The Stagefright Bug 2.0 vulnerability can be triggered (attack vectors) by:

Webpage
Man-in-the-middle attack
Third-party media player
Instant messaging apps.

Threat Level


High


Overview


More than 1 Billion Android devices are vulnerable to hackers once again Thanks to newly disclosed two new Android Stagefright vulnerabilities.


Description


Both newly discovered vulnerabilities (CVE-2015-6602 and CVE-2015-3876) also reside in the Android Media Playback Engine called 'Stagefright' and affects all Android OS version from 1 to latest release 5.1.1.

Reportedly, merely previewing a maliciously crafted song or video file would execute the Stagefright Bug 2.0 exploit, allowing hackers to run remote codes on the victim's Android device.

And this time, the flaw allows an attacker to hack Android smartphones just by tricking users into visiting a website that contains a malicious multimedia file, either MP3 or MP4.


Impact



Solution/ Workarounds


  ✻  Update the latest version of the Mozilla's Firefox on Windows, Linux and Mac.


References


http://thehackernews.com/2015/10/android-stagefright-vulnerability.html


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.