Researchers have discovered a vulnerability in the media server of Android again, the same part where previously several other vulnerabilities were found, including severe Stage Fright leak . Through the latest vulnerability an attacker can execute arbitrary code on the device with the media rights server.
Thus, an attacker can take photos, create videos and previously made videos. The problem is present in Android 2.3 to 5.1.1, which represents almost all Android devices in circulation. To be attacked, the user must first install a malicious app via the vulnerability. This app does not require any permission, which can give users a false sense of security. Once activated an attacker could execute arbitrary code with the rights of media server.
The media server is involved in all kinds of media-related tasks, such as taking pictures, reading MP4 files and recording videos. "This allows the user privacy at risk", says Wish Wu of the Japanese anti-virus company Trend Micro discovered that the vulnerability. The virus fighter warned Google on June 19 that the leak as "high severity" labeled. On August 1, Google has published a patch for the Android Open Source Project (AOSP), but it is unclear if the update has already among users and suppliers is spread.
No comments:
Post a Comment