A billion Android phones are vulnerable to new Stagefright bugs

[about_average]

Stagefright 2.0, as it's being dubbed by researchers from security firm Zimperium, is a set of two bugs that are triggered when processing specially designed MP3 audio or MP4 video files. The first flaw, which is found in the libutils library and is indexed as CVE-2015-6602, resides in every Android version since 1.0, which was released in 2008. The vulnerability can be exploited even on newer devices with beefed up defenses by exploiting a second vulnerability in libstagefright, a code library Android uses to process media files. Google still hasn't issued a CVE index number for this second bug.

When combined, the flaws allow attackers to used booby-trapped audio or video files to execute malicious code on phones running Android 5.0 or later. Devices running 5.0 or earlier can be similarly exploited when they use the vulnerable function inside libutils, a condition that depends on what third-party apps are installed and what functionality came preloaded on the phone. In a blog post published Thursday, Zimperium researchers wrote:

http://arstechnica.com/security/201...hones-are-vulnerable-to-new-stagefright-bugs/

And probably only 10%, at most, will get the fix, because of how Google, OEM's and providers work together. If you can call it working together.
http://arstechnica.com/gadgets/2015/08/waiting-for-androids-inevitable-security-armageddon/

 

[Sean]

Cyanogenmod ftw.

 

[about_average]

I doubt if a very high percentage of users are up to running Cyanogenmod.

 

[Liar]

What are those audio and video files you speak of? That thing people used before Spotify and Netflix?

 

[about_average]

https://www.google.com/search?q=cats+filetype:mp4&ie=utf-8&oe=utf-8&client=ubuntu&channel=fs

 

[warrior queen]

It's all well and good to warn me about a virus that's going to fry my phone....but without telling me which specific files/sites to avoid, and giving me a link to an awesome antivirus program to catch it, this is little more than yet another blurt.
My phone has survived every other dire virus threat so far, so I think I'm good.
But you never know...

Details! I need details

 

[OjosMojo]

Spoon fed! I demand to be spoon fed.