The patch for Android's Stagefright vulnerability won't actually protect your phone, some security researchers say. According to Jordan Gruskovnjak and Aaron Portnoy of Exodus Intelligence, a malformed MP4 file can still create a buffer overflow, a vulnerability that could then be used to compromise 950 million Android phones.
The Exodus blog post walks through the vulnerability. A function in libStagefright reads two values from an MP4 file's header, chunk_size and chunk_type, as 32-bit integers. If the header returns a value of 0x01 for chunk_size, then a 64-bit value is read from the MP4 instead. According to the researchers, if an MP4 is crafted with a chunk size of 0x1fffffff (or any other value outside the bounds of a 32-bit integer), a flaw in the Stagefright patch's boundary-checking code means it's still possible to cause a buffer overflow.
Exodus says it notified Google of its findings on August 7. The company asked Google for a timeframe for another fix, but has not received a response. Since the Stagefright vulnerabilities were originally reported to Google in April, and it's been more than 90 days since that original disclosure, Exodus has decided to make the results of its research public. For now, even patched Android devices appear to remain vulnerable to the bug.
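The article does not reproduce the patched check, so the following is an added illustration, not code from libStagefright or from Exodus: it assumes a 32-bit build and a length check evaluated in 64-bit arithmetic, and shows how a 64-bit chunk size can pass such a check and then be truncated at allocation time, next to a hardened form. The names size32_t, flawed_check_ok, alloc_len and hardened_check_ok and all input values are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model a 32-bit build, where size_t is 32 bits wide (assumption). */
typedef uint32_t size32_t;
#define SIZE32_MAX UINT32_MAX

/* Flawed: the subtraction is evaluated in 64 bits, so a chunk_size above
 * SIZE32_MAX wraps to a huge value and the comparison never fires. */
bool flawed_check_ok(size32_t size, uint64_t chunk_size) {
    return !(SIZE32_MAX - chunk_size <= size);
}

/* What a 32-bit allocator receives: the 64-bit sum truncated to 32 bits. */
size32_t alloc_len(size32_t size, uint64_t chunk_size) {
    return (size32_t)(size + chunk_size);
}

/* Hardened: reject values that do not fit before doing any arithmetic. */
bool hardened_check_ok(size32_t size, uint64_t chunk_size) {
    if (chunk_size > SIZE32_MAX) return false;
    return (size32_t)chunk_size <= SIZE32_MAX - size;
}

int main(void) {
    /* Constructed inputs: bytes already buffered, declared chunk size. */
    struct { size32_t size; uint64_t chunk; } cases[] = {
        {16, 64},                 /* ordinary chunk */
        {0xFFFFFFF0u, 0x20},      /* 32-bit sum overflow */
        {16, 0x100000010ULL},     /* 64-bit size that exceeds 32 bits */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("size=%#x chunk=%#llx flawed=%d hardened=%d alloc=%#x\n",
               (unsigned)cases[i].size, (unsigned long long)cases[i].chunk,
               flawed_check_ok(cases[i].size, cases[i].chunk),
               hardened_check_ok(cases[i].size, cases[i].chunk),
               (unsigned)alloc_len(cases[i].size, cases[i].chunk));
    }
    return 0;
}
```

In the third case the flawed check accepts the input while the allocation length collapses to 0x20 bytes, far less than the declared chunk size; the hardened check rejects it before any arithmetic is done.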