Security researchers at Zimperium zLabs have discovered a new "Stagefright" vulnerability that could make your Android phone vulnerable simply by opening an MP3 file. It is said that there are now several ways to exploit this vulnerability. One of the attack methods will affect almost all Android phones, because as long as the phone is running Android 1.0 and higher versions of the system released in 2008, it will be affected; the other attack methods are mainly aimed at Android 5.0 and higher versions of the system. The attack, called the "Stagefright 2.0 attack," is related to the way the system handles metadata in MP3 or MP4 files and allows an attacker to execute remote code on a user's phone as long as the Android system on the user's phone previews a specially crafted song or video file. It also affects third-party applications, as this vulnerability was found in the libstagefright library used by some media players. As of the time of writing, the security community has not found any real cases of attacks using this method. There is no proof-of-concept code for the vulnerability as it has not yet been patched, but the company will update its Stagefright detection app once a solution is publicly released. The researchers reported the vulnerability to Google on August 15 , and Google plans to release a patch to fix the vulnerability in the Nexus security bulletin in the second week of October. Some mobile phone manufacturers such as Xiaomi, Samsung, HTC and Sony will also release upgrade patches themselves, but they have not yet disclosed the specific plans. According to Motherboard, Android Marshmallow will incorporate the patch, but it will be limited to the latest devices. The situation is less optimistic for older devices that no longer receive updates. The security hole may be fixed, but unless users manually flash their phones to a newer version, they could be vulnerable at any time. Such a large-scale attack on the Internet would have catastrophic consequences because it would only require a user to visit a URL containing a malicious file, which can be easily done, such as executing a download command in a seemingly legitimate song. As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity. |
<<: Starting at RMB 129,800, Aion Tyrannosaurus Rex aims to be a new global classic
>>: Just for show? Why do mobile phone manufacturers develop their own processors?
The May Day holiday is coming. I feel happy just ...
Produced by: Science Popularization China Author:...
1. What is the use of dou+? 1. Become popular (in...
I believe everyone is no stranger to the saying &...
The cover image of this article comes from the co...
[[120515]] In early September, Google brought And...
Android TV game, this term has long become a shor...
How popular is the Liu Genghong phenomenon ? Afte...
Too long to read Large dogs may have shorter life...
Recently, 44-year-old actress Joe Chen posted on ...
In the first week of September 2023, there were 1...
The view that everyone has always accepted is to ...
Today, the editor will share with you a fire engi...
As we all know, technology has been constantly im...