Security researchers at Zimperium zLabs have discovered a new "Stagefright" vulnerability that could make your Android phone vulnerable simply by opening an MP3 file. It is said that there are now several ways to exploit this vulnerability. One of the attack methods will affect almost all Android phones, because as long as the phone is running Android 1.0 and higher versions of the system released in 2008, it will be affected; the other attack methods are mainly aimed at Android 5.0 and higher versions of the system. The attack, called the "Stagefright 2.0 attack," is related to the way the system handles metadata in MP3 or MP4 files and allows an attacker to execute remote code on a user's phone as long as the Android system on the user's phone previews a specially crafted song or video file. It also affects third-party applications, as this vulnerability was found in the libstagefright library used by some media players. As of the time of writing, the security community has not found any real cases of attacks using this method. There is no proof-of-concept code for the vulnerability as it has not yet been patched, but the company will update its Stagefright detection app once a solution is publicly released. The researchers reported the vulnerability to Google on August 15 , and Google plans to release a patch to fix the vulnerability in the Nexus security bulletin in the second week of October. Some mobile phone manufacturers such as Xiaomi, Samsung, HTC and Sony will also release upgrade patches themselves, but they have not yet disclosed the specific plans. According to Motherboard, Android Marshmallow will incorporate the patch, but it will be limited to the latest devices. The situation is less optimistic for older devices that no longer receive updates. The security hole may be fixed, but unless users manually flash their phones to a newer version, they could be vulnerable at any time. Such a large-scale attack on the Internet would have catastrophic consequences because it would only require a user to visit a URL containing a malicious file, which can be easily done, such as executing a download command in a seemingly legitimate song. As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity. |
<<: Starting at RMB 129,800, Aion Tyrannosaurus Rex aims to be a new global classic
>>: Just for show? Why do mobile phone manufacturers develop their own processors?
Only one year later, Musk's Neuralink company...
With the global release of iPhone 7 and iPhone 7 ...
On October 7, Microsoft held a new press conferen...
Preface With the popularity of cloud computing, s...
In the past six or seven years, I have been starti...
Three bad habits that consumers are prone to: Not...
Based on practical experience and combined with i...
This afternoon, Xunlei initiated and hosted the &...
The configuration of the server is closely relate...
In the green belts of many cities, you can often ...
The recent uproar over the PS4 unlocking region &...
Internet marketing has a history of more than 20 ...
Crabs are delicious and fun aquatic creatures. Th...
Honda's fifth-generation CR-V will go on sale...
The cost of big search has been quite good recent...