The patch for Android's Stagefright vulnerability won't actually protect your phone, some security researchers say. According to Jordan Gruskovnjak and Aaron Portnoy of Exodus Intelligence, a malformed MP4 file can still create a buffer overflow, a vulnerability that could then be used to compromise 950 million Android phones.
The Exodus blog post walks through the vulnerability. A function in libStagefright reads two values from an MP4 file's header, chunk_size and chunk_type, as 32-bit integers. If the header returns a value of 0x01 for chunk_size, then a 64-bit value is read from the MP4 instead. According to the researchers, if an MP4 is crafted with a chunk size of 0x1fffffff (or any other value outside the bounds of a 32-bit integer), a flaw in the Stagefright patch's boundary-checking code means it's still possible to cause a buffer overflow.
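The header handling described above can be validated defensively as in the following added example, which is not code from libStagefright, the patch, or Exodus. The function name `checked_chunk_total`, the `have` parameter and the use of `uint32_t` to stand in for a 32-bit device's `size_t` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Big-endian readers for MP4 header fields. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static uint64_t be64(const uint8_t *p) {
    return ((uint64_t)be32(p) << 32) | be32(p + 4);
}

/*
 * Hypothetical helper: a parser already holds `have` bytes and wants to
 * append the chunk found at buf[0..len). uint32_t models a 32-bit size_t.
 * Returns 0 and sets *total on success, -1 if the chunk must be rejected.
 */
int checked_chunk_total(const uint8_t *buf, size_t len,
                        uint32_t have, uint32_t *total) {
    if (len < 8) return -1;              /* need chunk_size + chunk_type */
    uint64_t chunk_size = be32(buf);     /* 32-bit field, widened */
    uint64_t hdr = 8;
    if (chunk_size == 1) {               /* 0x01: real size is a 64-bit field */
        if (len < 16) return -1;
        chunk_size = be64(buf + 8);
        hdr = 16;
    }
    if (chunk_size < hdr) return -1;     /* size must cover its own header */
    if (chunk_size > len) return -1;     /* claims more than the data holds */
    /* Compare in 64 bits BEFORE narrowing: a check made after truncation
       to 32 bits can pass even though the sum has wrapped around. */
    if (chunk_size > (uint64_t)UINT32_MAX - have) return -1;
    *total = have + (uint32_t)chunk_size;
    return 0;
}

int main(void) {
    /* Constructed sample: chunk_size 0x01, then an oversized 64-bit size. */
    const uint8_t hdr[16] = {0, 0, 0, 1, 'd', 'e', 'm', 'o',
                             0x1f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    uint32_t total = 0;
    return checked_chunk_total(hdr, sizeof hdr, 0, &total) == -1 ? 0 : 1;
}
```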
Exodus says it notified Google of its findings on August 7. The company asked Google for a timeframe for another fix, but has not received a response. Since the Stagefright vulnerabilities were originally reported to Google in April, and it's been more than 90 days since that original disclosure, Exodus has decided to make the results of its research public. For now, even patched Android devices appear to remain vulnerable to the bug.