This week it was announced that there was a very serious leak is present in Android which allows an attacker installed on millions of Android phones malware by only sending a single MMS message. Stage Fright, such as the vulnerability is known, however, is also to attack in other ways, according to the Japanese anti-virus company Trend Micro .
Security Zimperium Stage Fright made known this week. Trend Micro says that it has also found the same vulnerability independently of Zimperium and on May 19 of this year has been reported to Google. This implies that at least two parties have discovered a critical vulnerability of this magnitude and this then Google decided to report.
Attack Vectors
Trend Micro, however, that there are more ways to use Stage Fright. In addition to sending an MMS message, an attacker can use an app to attack the vulnerability, and the use of a website. The vulnerability is caused by the way the Android media server handles MP4 files. This allows an attacker to cause a heap overflow and then execute arbitrary code such as installing malware.
In addition to sending a malicious MP4 file from an MMS message, it is also possible to embed such a file in a Web site or by allowing an app to open, and thereby infect an Android phone with malware. Google has already rolled out an update, but many Android users for patches depend on their telecom provider or manufacturer of the device if the device is still supported.According to Trend Micro, the problem in Android version 4.0.1 to 5.1.1, which represents 94% of all Android devices.
No comments:
Post a Comment