Roughly a month after the frightful Stagefright Android vulnerability was disclosed, Zimperium's security researchers have published sample code for exploiting the bug. As a refresher, Stagefright is a critical vulnerability in Android that allows attackers to perform remote code execution, and it affected 95% of Android handsets at the time it was reported. For the nitty-gritty, you can watch this Black Hat conference video.
Since the disclosure, Google has published updated versions of its Hangouts and Messaging apps, plugging the worst of the attack vectors—a booby-trapped MMS could provide root access to an attacker, oftentimes with no indication to the user that something funky was happening. Zimperium notes that MMSs are only one of over ten attack vectors, though, and it's created an app called Stagefright Detector so that users can check if and how their devices are affected. The security company's tests have also been integrated into the Android Compatibility Test Suite, which means all future devices must include the Stagefright patch to be deemed "Android Compatible."
Zimperium reported two sets of vulnerabilities to Google back in April and May, some of which carry a critical severity rating. Google integrated fixes for all of those disclosures in the main Android Open Source Project source tree, but it's still up to the OEMs and carriers to provide updated versions of their devices' firmware. The disclosure of sample exploit code should hopefully light a fire under their collective bottoms.